diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2027c7548aa..c8c1884c937 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -36,14 +36,14 @@ jobs:
- uses: ./tools/github-actions/setup-deps
- name: Initialize CodeQL
- uses: github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/init@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
with:
languages: ${{ matrix.language }}
- name: Autobuild
- uses: github/codeql-action/autobuild@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/autobuild@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/analyze@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
with:
category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/docs.yaml b/.github/workflows/docs.yaml
index 22437cb9cd8..b147f5e5cf0 100644
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@@ -3,14 +3,12 @@ on:
push:
branches:
- "main"
- - "release/v*"
paths:
- 'site/**'
- 'tools/make/docs.mk'
pull_request:
branches:
- "main"
- - "release/v*"
paths:
- 'site/**'
- 'tools/make/docs.mk'
diff --git a/.github/workflows/latest_release.yaml b/.github/workflows/latest_release.yaml
index 0b709f9fe1a..b6e7d4c6d3f 100644
--- a/.github/workflows/latest_release.yaml
+++ b/.github/workflows/latest_release.yaml
@@ -107,7 +107,7 @@ jobs:
GITHUB_REPOSITORY: ${{ github.repository_owner }}/${{ github.event.repository.name }}
- name: Recreate the Latest Release and Tag
- uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v0.1.15
+ uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v0.1.15
with:
draft: false
prerelease: true
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 2235d0e573c..7aea9e9d700 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -96,7 +96,7 @@ jobs:
tar -zcvf egctl_${{ env.release_tag }}_darwin_arm64.tar.gz bin/darwin/arm64/egctl
- name: Upload Release Manifests
- uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v0.1.15
+ uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v0.1.15
with:
files: |
release-artifacts/install.yaml
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 6e816b5460f..23235a9a5ba 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -40,6 +40,6 @@ jobs:
retention-days: 5
- name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0
+ uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4
with:
sarif_file: results.sarif
diff --git a/api/v1alpha1/accesslogging_types.go b/api/v1alpha1/accesslogging_types.go
index 31eac69f122..de34acdcd7d 100644
--- a/api/v1alpha1/accesslogging_types.go
+++ b/api/v1alpha1/accesslogging_types.go
@@ -138,10 +138,7 @@ const (
// The service must implement the Envoy gRPC Access Log Service streaming API:
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
// Access log format information is passed in the form of gRPC metadata when the
-// stream is established. Specifically, the following metadata is passed:
-//
-// - `x-accesslog-text` - The access log format string when a Text format is used.
-// - `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used.
+// stream is established.
//
// +kubebuilder:validation:XValidation:rule="self.type == 'HTTP' || !has(self.http)",message="The http field may only be set when type is HTTP."
// +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)"
diff --git a/api/v1alpha1/authorization_types.go b/api/v1alpha1/authorization_types.go
index 56e8d44e1b3..5a99b4401a4 100644
--- a/api/v1alpha1/authorization_types.go
+++ b/api/v1alpha1/authorization_types.go
@@ -71,7 +71,6 @@ type Principal struct {
// Note: in order to use JWT claims for authorization, you must configure the
// JWT authentication in the same `SecurityPolicy`.
// +optional
- // +notImplementedHide
JWT *JWTPrincipal `json:"jwt,omitempty"`
}
diff --git a/api/v1alpha1/clienttrafficpolicy_types.go b/api/v1alpha1/clienttrafficpolicy_types.go
index 63b2c91fb2e..6c7129da060 100644
--- a/api/v1alpha1/clienttrafficpolicy_types.go
+++ b/api/v1alpha1/clienttrafficpolicy_types.go
@@ -237,14 +237,29 @@ type ClientIPDetectionSettings struct {
}
// XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
+// Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
+// for more details.
+// +kubebuilder:validation:XValidation:rule="(has(self.numTrustedHops) && !has(self.trustedCIDRs)) || (!has(self.numTrustedHops) && has(self.trustedCIDRs))", message="only one of numTrustedHops or trustedCIDRs must be set"
type XForwardedForSettings struct {
// NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
// headers to trust when determining the origin client's IP address.
- // Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
- // for more details.
+ // Only one of NumTrustedHops and TrustedCIDRs must be set.
//
// +optional
NumTrustedHops *uint32 `json:"numTrustedHops,omitempty"`
+
+ // TrustedCIDRs is a list of CIDR ranges to trust when evaluating
+ // the remote IP address to determine the original client’s IP address.
+ // When the remote IP address matches a trusted CIDR and the x-forwarded-for header was sent,
+ // each entry in the x-forwarded-for header is evaluated from right to left
+ // and the first public non-trusted address is used as the original client address.
+ // If all addresses in x-forwarded-for are within the trusted list, the first (leftmost) entry is used.
+ // Only one of NumTrustedHops and TrustedCIDRs must be set.
+ //
+ // +optional
+ // +kubebuilder:validation:MinItems=1
+ // +notImplementedHide
+ TrustedCIDRs []CIDR `json:"trustedCIDRs,omitempty"`
}
// CustomHeaderExtensionSettings provides configuration for determining the client IP address for a request based on
diff --git a/api/v1alpha1/ext_auth_types.go b/api/v1alpha1/ext_auth_types.go
index c086b0072c5..aefec44f907 100644
--- a/api/v1alpha1/ext_auth_types.go
+++ b/api/v1alpha1/ext_auth_types.go
@@ -60,7 +60,6 @@ type ExtAuth struct {
// The authorization request message is defined in
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto
// +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0"
-// +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"
type GRPCExtAuthService struct {
@@ -71,7 +70,6 @@ type GRPCExtAuthService struct {
// HTTPExtAuthService defines the HTTP External Authorization service
//
// +kubebuilder:validation:XValidation:message="backendRef or backendRefs needs to be set",rule="has(self.backendRef) || self.backendRefs.size() > 0"
-// +kubebuilder:validation:XValidation:message="BackendRefs must be used, backendRef is not supported.",rule="!has(self.backendRef)"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service and Backend kind.",rule="has(self.backendRefs) ? self.backendRefs.all(f, f.kind == 'Service' || f.kind == 'Backend') : true"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core and gateway.envoyproxy.io group.",rule="has(self.backendRefs) ? (self.backendRefs.all(f, f.group == \"\" || f.group == 'gateway.envoyproxy.io')) : true"
type HTTPExtAuthService struct {
diff --git a/api/v1alpha1/tls_types.go b/api/v1alpha1/tls_types.go
index b926558c525..bf2a1f50569 100644
--- a/api/v1alpha1/tls_types.go
+++ b/api/v1alpha1/tls_types.go
@@ -69,7 +69,12 @@ type TLSSettings struct {
SignatureAlgorithms []string `json:"signatureAlgorithms,omitempty"`
// ALPNProtocols supplies the list of ALPN protocols that should be
- // exposed by the listener. By default h2 and http/1.1 are enabled.
+ // exposed by the listener or used by the proxy to connect to the backend.
+ // Defaults:
+ // 1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
+ // 2. Other Routes: ALPN is disabled.
+ // 3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
+ // When an empty list is provided, the ALPN TLS extension is disabled.
// Supported values are:
// - http/1.0
// - http/1.1
diff --git a/api/v1alpha1/validation/securitypolicy_validate.go b/api/v1alpha1/validation/securitypolicy_validate.go
index 628d3f80173..64425afdd6a 100644
--- a/api/v1alpha1/validation/securitypolicy_validate.go
+++ b/api/v1alpha1/validation/securitypolicy_validate.go
@@ -10,6 +10,7 @@ import (
"fmt"
"net/mail"
"net/url"
+ "strings"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"k8s.io/apimachinery/pkg/util/validation"
@@ -69,13 +70,21 @@ func ValidateJWTProvider(providers []egv1a1.JWTProvider) error {
case len(provider.Name) == 0:
errs = append(errs, errors.New("jwt provider cannot be an empty string"))
case len(provider.Issuer) != 0:
- // Issuer can take the format of a URL or an email address.
- if _, err := url.ParseRequestURI(provider.Issuer); err != nil {
- _, err := mail.ParseAddress(provider.Issuer)
- if err != nil {
- errs = append(errs, fmt.Errorf("invalid issuer; must be a URL or email address: %w", err))
+ switch {
+ // Issuer follows StringOrURI format based on https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1.
+ // Hence, when it contains ':', it MUST be a valid URI.
+ case strings.Contains(provider.Issuer, ":"):
+ if _, err := url.ParseRequestURI(provider.Issuer); err != nil {
+ errs = append(errs, fmt.Errorf("invalid issuer; when issuer contains ':' character, it MUST be a valid URI"))
+ }
+ // Adding reserved character for '@', to represent an email address.
+ // Hence, when it contains '@', it MUST be a valid Email Address.
+ case strings.Contains(provider.Issuer, "@"):
+ if _, err := mail.ParseAddress(provider.Issuer); err != nil {
+ errs = append(errs, fmt.Errorf("invalid issuer; when issuer contains '@' character, it MUST be a valid Email Address format: %w", err))
}
}
+
case len(provider.RemoteJWKS.URI) == 0:
errs = append(errs, fmt.Errorf("uri must be set for remote JWKS provider: %s", provider.Name))
}
diff --git a/api/v1alpha1/validation/securitypolicy_validate_test.go b/api/v1alpha1/validation/securitypolicy_validate_test.go
index 489c7644f8b..460a0edbb79 100644
--- a/api/v1alpha1/validation/securitypolicy_validate_test.go
+++ b/api/v1alpha1/validation/securitypolicy_validate_test.go
@@ -41,7 +41,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
expected: false,
},
{
- name: "valid security policy with url",
+ name: "valid security policy with URI issuer",
policy: &egv1a1.SecurityPolicy{
TypeMeta: metav1.TypeMeta{
Kind: egv1a1.KindSecurityPolicy,
@@ -69,7 +69,7 @@ func TestValidateSecurityPolicy(t *testing.T) {
expected: true,
},
{
- name: "valid security policy with email",
+ name: "valid security policy with Email issuer",
policy: &egv1a1.SecurityPolicy{
TypeMeta: metav1.TypeMeta{
Kind: egv1a1.KindSecurityPolicy,
@@ -96,6 +96,34 @@ func TestValidateSecurityPolicy(t *testing.T) {
},
expected: true,
},
+ {
+ name: "valid security policy with non URI/Email Issuer",
+ policy: &egv1a1.SecurityPolicy{
+ TypeMeta: metav1.TypeMeta{
+ Kind: egv1a1.KindSecurityPolicy,
+ APIVersion: egv1a1.GroupVersion.String(),
+ },
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: "test",
+ Name: "test",
+ },
+ Spec: egv1a1.SecurityPolicySpec{
+ JWT: &egv1a1.JWT{
+ Providers: []egv1a1.JWTProvider{
+ {
+ Name: "test",
+ Issuer: "foo.bar.local",
+ Audiences: []string{"foo.bar.local"},
+ RemoteJWKS: egv1a1.RemoteJWKS{
+ URI: "https://test.local/jwt/public-key/jwks.json",
+ },
+ },
+ },
+ },
+ },
+ },
+ expected: true,
+ },
{
name: "valid security policy with jwtClaimToHeader",
policy: &egv1a1.SecurityPolicy{
diff --git a/api/v1alpha1/wasm_types.go b/api/v1alpha1/wasm_types.go
index 66c0e1fc84f..8913486d6f1 100644
--- a/api/v1alpha1/wasm_types.go
+++ b/api/v1alpha1/wasm_types.go
@@ -10,6 +10,14 @@ import (
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
)
+// WasmEnv defines the environment variables for the VM of a Wasm extension
+type WasmEnv struct {
+ // HostKeys is a list of keys for environment variables from the host envoy process
+ // that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions.
+ // +optional
+ HostKeys []string `json:"hostKeys,omitempty"`
+}
+
// Wasm defines a Wasm extension.
//
// Note: at the moment, Envoy Gateway does not support configuring Wasm runtime.
@@ -52,6 +60,10 @@ type Wasm struct {
// Priority defines the location of the Wasm extension in the HTTP filter chain.
// If not specified, the Wasm extension will be inserted before the router filter.
// Priority *uint32 `json:"priority,omitempty"`
+
+ // Env configures the environment for the Wasm extension
+ // +optional
+ Env *WasmEnv `json:"env,omitempty"`
}
// WasmCodeSource defines the source of the Wasm code.
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 89e1b154a4a..860c3b85c2e 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -5499,6 +5499,11 @@ func (in *Wasm) DeepCopyInto(out *Wasm) {
*out = new(bool)
**out = **in
}
+ if in.Env != nil {
+ in, out := &in.Env, &out.Env
+ *out = new(WasmEnv)
+ (*in).DeepCopyInto(*out)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Wasm.
@@ -5541,6 +5546,26 @@ func (in *WasmCodeSource) DeepCopy() *WasmCodeSource {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *WasmEnv) DeepCopyInto(out *WasmEnv) {
+ *out = *in
+ if in.HostKeys != nil {
+ in, out := &in.HostKeys, &out.HostKeys
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WasmEnv.
+func (in *WasmEnv) DeepCopy() *WasmEnv {
+ if in == nil {
+ return nil
+ }
+ out := new(WasmEnv)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *XDSTranslatorHooks) DeepCopyInto(out *XDSTranslatorHooks) {
*out = *in
@@ -5599,6 +5624,11 @@ func (in *XForwardedForSettings) DeepCopyInto(out *XForwardedForSettings) {
*out = new(uint32)
**out = **in
}
+ if in.TrustedCIDRs != nil {
+ in, out := &in.TrustedCIDRs, &out.TrustedCIDRs
+ *out = make([]CIDR, len(*in))
+ copy(*out, *in)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new XForwardedForSettings.
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
index 3e626f3f88a..d3afb65b302 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_clienttrafficpolicies.yaml
@@ -85,11 +85,32 @@ spec:
description: |-
NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
- Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
- for more details.
+ Only one of NumTrustedHops and TrustedCIDRs must be set.
format: int32
type: integer
+ trustedCIDRs:
+ description: |-
+ TrustedCIDRs is a list of CIDR ranges to trust when evaluating
+ the remote IP address to determine the original client’s IP address.
+ When the remote IP address matches a trusted CIDR and the x-forwarded-for header was sent,
+ each entry in the x-forwarded-for header is evaluated from right to left
+ and the first public non-trusted address is used as the original client address.
+ If all addresses in x-forwarded-for are within the trusted list, the first (leftmost) entry is used.
+ Only one of NumTrustedHops and TrustedCIDRs must be set.
+ items:
+ description: |-
+ CIDR defines a CIDR Address range.
+ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address range such as "2001:0db8:11a3:09d7::/64".
+ pattern: ((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\/([0-9]+))
+ type: string
+ minItems: 1
+ type: array
type: object
+ x-kubernetes-validations:
+ - message: only one of numTrustedHops or trustedCIDRs must be
+ set
+ rule: (has(self.numTrustedHops) && !has(self.trustedCIDRs))
+ || (!has(self.numTrustedHops) && has(self.trustedCIDRs))
type: object
x-kubernetes-validations:
- message: customHeader cannot be used in conjunction with xForwardedFor
@@ -668,7 +689,12 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols supplies the list of ALPN protocols that should be
- exposed by the listener. By default h2 and http/1.1 are enabled.
+ exposed by the listener or used by the proxy to connect to the backend.
+ Defaults:
+ 1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
+ 2. Other Routes: ALPN is disabled.
+ 3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
+ When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
index 6baa2842c0c..e6cb298d3a8 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyextensionpolicies.yaml
@@ -1232,6 +1232,17 @@ spec:
Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension.
x-kubernetes-preserve-unknown-fields: true
+ env:
+ description: Env configures the environment for the Wasm extension
+ properties:
+ hostKeys:
+ description: |-
+ HostKeys is a list of keys for environment variables from the host envoy process
+ that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions.
+ items:
+ type: string
+ type: array
+ type: object
failOpen:
default: false
description: |-
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
index 4277092874a..84fb126a79b 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml
@@ -51,7 +51,12 @@ spec:
alpnProtocols:
description: |-
ALPNProtocols supplies the list of ALPN protocols that should be
- exposed by the listener. By default h2 and http/1.1 are enabled.
+ exposed by the listener or used by the proxy to connect to the backend.
+ Defaults:
+ 1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
+ 2. Other Routes: ALPN is disabled.
+ 3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
+ When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
index b6a040f8c42..840c8d59d30 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -1204,8 +1204,6 @@ spec:
x-kubernetes-validations:
- message: backendRef or backendRefs needs to be set
rule: has(self.backendRef) || self.backendRefs.size() > 0
- - message: BackendRefs must be used, backendRef is not supported.
- rule: '!has(self.backendRef)'
- message: BackendRefs only supports Service and Backend kind.
rule: 'has(self.backendRefs) ? self.backendRefs.all(f, f.kind
== ''Service'' || f.kind == ''Backend'') : true'
@@ -2103,8 +2101,6 @@ spec:
x-kubernetes-validations:
- message: backendRef or backendRefs needs to be set
rule: has(self.backendRef) || self.backendRefs.size() > 0
- - message: BackendRefs must be used, backendRef is not supported.
- rule: '!has(self.backendRef)'
- message: BackendRefs only supports Service and Backend kind.
rule: 'has(self.backendRefs) ? self.backendRefs.all(f, f.kind
== ''Service'' || f.kind == ''Backend'') : true'
diff --git a/examples/envoy-als/Dockerfile b/examples/envoy-als/Dockerfile
index 0ad9437f993..835a8200716 100644
--- a/examples/envoy-als/Dockerfile
+++ b/examples/envoy-als/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.1 AS builder
+FROM golang:1.23.3 AS builder
ARG GO_LDFLAGS=""
diff --git a/examples/envoy-als/go.mod b/examples/envoy-als/go.mod
index 610090483ad..df62679506a 100644
--- a/examples/envoy-als/go.mod
+++ b/examples/envoy-als/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway-envoy-als
-go 1.23.1
+go 1.23.3
require (
github.com/envoyproxy/go-control-plane v0.13.1
diff --git a/examples/extension-server/go.mod b/examples/extension-server/go.mod
index 7b09ae7320b..b484a19a6b7 100644
--- a/examples/extension-server/go.mod
+++ b/examples/extension-server/go.mod
@@ -1,22 +1,22 @@
module github.com/exampleorg/envoygateway-extension
-go 1.23.1
+go 1.23.3
require (
github.com/envoyproxy/gateway v1.0.2
github.com/envoyproxy/go-control-plane v0.13.1
github.com/urfave/cli/v2 v2.27.5
- google.golang.org/grpc v1.67.1
- google.golang.org/protobuf v1.35.1
+ google.golang.org/grpc v1.68.0
+ google.golang.org/protobuf v1.35.2
k8s.io/apimachinery v0.31.2
sigs.k8s.io/controller-runtime v0.19.1
sigs.k8s.io/gateway-api v1.2.0
)
require (
- cel.dev/expr v0.16.0 // indirect
+ cel.dev/expr v0.18.0 // indirect
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
- github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20 // indirect
+ github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
github.com/envoyproxy/protoc-gen-validate v1.1.0 // indirect
github.com/fxamacker/cbor/v2 v2.7.0 // indirect
@@ -31,11 +31,11 @@ require (
github.com/russross/blackfriday/v2 v2.1.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
- golang.org/x/net v0.30.0 // indirect
- golang.org/x/sys v0.26.0 // indirect
- golang.org/x/text v0.19.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect
+ golang.org/x/net v0.31.0 // indirect
+ golang.org/x/sys v0.27.0 // indirect
+ golang.org/x/text v0.20.0 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
diff --git a/examples/extension-server/go.sum b/examples/extension-server/go.sum
index 42db960b446..8bac1672b4e 100644
--- a/examples/extension-server/go.sum
+++ b/examples/extension-server/go.sum
@@ -1,9 +1,9 @@
-cel.dev/expr v0.16.0 h1:yloc84fytn4zmJX2GU3TkXGsaieaV7dQ057Qs4sIG2Y=
-cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
+cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo=
+cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g=
github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw=
-github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20 h1:N+3sFI5GUjRKBi+i0TxYVST9h4Ie192jJWpHvthBBgg=
-github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI=
+github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
@@ -23,6 +23,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
@@ -81,20 +83,20 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
@@ -105,14 +107,14 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:T6rh4haD3GVYsgEfWExoCZA2o2FmbNyKpTuAxbEFPTg=
-google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
-google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
-google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
+google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
diff --git a/examples/grpc-ext-auth/Dockerfile b/examples/grpc-ext-auth/Dockerfile
index 4f6ea6ff545..f90bb04d8cb 100644
--- a/examples/grpc-ext-auth/Dockerfile
+++ b/examples/grpc-ext-auth/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.1 AS builder
+FROM golang:1.23.3 AS builder
ARG GO_LDFLAGS=""
diff --git a/examples/grpc-ext-auth/go.mod b/examples/grpc-ext-auth/go.mod
index 8e3fcb7e061..fe656cdc112 100644
--- a/examples/grpc-ext-auth/go.mod
+++ b/examples/grpc-ext-auth/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway-grcp-ext-auth
-go 1.23.1
+go 1.23.3
require (
github.com/envoyproxy/go-control-plane v0.13.1
diff --git a/examples/grpc-ext-proc/Dockerfile b/examples/grpc-ext-proc/Dockerfile
index a07ab13f48b..cd0f7db820b 100644
--- a/examples/grpc-ext-proc/Dockerfile
+++ b/examples/grpc-ext-proc/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.1 AS builder
+FROM golang:1.23.3 AS builder
ARG GO_LDFLAGS=""
diff --git a/examples/grpc-ext-proc/go.mod b/examples/grpc-ext-proc/go.mod
index bb18254c721..5c7b98ee08e 100644
--- a/examples/grpc-ext-proc/go.mod
+++ b/examples/grpc-ext-proc/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway-grpc-ext-proc
-go 1.23.1
+go 1.23.3
require (
github.com/envoyproxy/go-control-plane v0.13.1
diff --git a/examples/preserve-case-backend/Dockerfile b/examples/preserve-case-backend/Dockerfile
index 4616d465cb6..46d71ff22b5 100644
--- a/examples/preserve-case-backend/Dockerfile
+++ b/examples/preserve-case-backend/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.1 AS builder
+FROM golang:1.23.3 AS builder
ARG GO_LDFLAGS=""
diff --git a/examples/preserve-case-backend/go.mod b/examples/preserve-case-backend/go.mod
index 7a9712aa341..22c616a7ba3 100644
--- a/examples/preserve-case-backend/go.mod
+++ b/examples/preserve-case-backend/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway-preserve-case-backend
-go 1.23.1
+go 1.23.3
require github.com/valyala/fasthttp v1.51.0
diff --git a/examples/standalone/quickstart.yaml b/examples/standalone/quickstart.yaml
new file mode 100644
index 00000000000..4ccf2ce8efd
--- /dev/null
+++ b/examples/standalone/quickstart.yaml
@@ -0,0 +1,46 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: GatewayClass
+metadata:
+ name: eg
+spec:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: Gateway
+metadata:
+ name: eg
+spec:
+ gatewayClassName: eg
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 8888
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: backend
+spec:
+ parentRefs:
+ - name: eg
+ hostnames:
+ - "www.example.com"
+ rules:
+ - backendRefs:
+ - group: "gateway.envoyproxy.io"
+ kind: Backend
+ name: backend
+ matches:
+ - path:
+ type: PathPrefix
+ value: /
+---
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: Backend
+metadata:
+ name: backend
+spec:
+ endpoints:
+ - ip:
+ address: 0.0.0.0 # this address is for demo purpose only, do not use it in production!
+ port: 3000
diff --git a/examples/static-file-server/Dockerfile b/examples/static-file-server/Dockerfile
new file mode 100644
index 00000000000..1f1268a2197
--- /dev/null
+++ b/examples/static-file-server/Dockerfile
@@ -0,0 +1,23 @@
+FROM golang:1.23.3 AS builder
+
+ARG GO_LDFLAGS=""
+
+WORKDIR /workspace
+COPY go.mod go.sum ./
+RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
+ go mod download
+
+COPY . ./
+RUN --mount=type=cache,target=/root/.cache/go-build --mount=type=cache,target=/go/pkg/mod \
+ CGO_ENABLED=0 \
+ GOOS=${TARGETOS} \
+ GOARCH=${TARGETARCH} \
+ go build -o /bin/static-file-server -ldflags "${GO_LDFLAGS}" .
+
+# Need root user for UDS
+FROM gcr.io/distroless/static-debian11
+COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=builder /bin/static-file-server /
+COPY files/ files/
+
+ENTRYPOINT ["/static-file-server"]
diff --git a/examples/static-file-server/Makefile b/examples/static-file-server/Makefile
new file mode 100644
index 00000000000..a4e59d1e3dd
--- /dev/null
+++ b/examples/static-file-server/Makefile
@@ -0,0 +1,8 @@
+
+IMAGE_PREFIX ?= envoyproxy/gateway-
+APP_NAME ?= static-file-server
+TAG ?= latest
+
+.PHONY: docker-buildx
+docker-buildx:
+ docker buildx build . -t $(IMAGE_PREFIX)$(APP_NAME):$(TAG) --build-arg GO_LDFLAGS="$(GO_LDFLAGS)" --load
diff --git a/examples/static-file-server/README.md b/examples/static-file-server/README.md
new file mode 100644
index 00000000000..7cb2417e3cd
--- /dev/null
+++ b/examples/static-file-server/README.md
@@ -0,0 +1,10 @@
+# Static File Server
+
+This example demonstrates how to create a simple static file server using the `http` package.
+Which serves files used by e2e tests.
+
+- test/e2e/testdata/authorization-jwt.yaml
+- test/e2e/testdata/jwt.yaml
+- test/e2e/testdata/jwt-optional.yaml
+- test/e2e/testdata/ratelimit-based-jwt-claims.yaml
+- test/e2e/testdata/wasm-http.yaml
\ No newline at end of file
diff --git a/examples/static-file-server/files/jwt/jwks.json b/examples/static-file-server/files/jwt/jwks.json
new file mode 100644
index 00000000000..b58d8e04fb3
--- /dev/null
+++ b/examples/static-file-server/files/jwt/jwks.json
@@ -0,0 +1,22 @@
+{
+ "keys": [
+ {
+ "kty": "RSA",
+ "n": "u1SU1LfVLPHCozMxH2Mo4lgOEePzNm0tRgeLezV6ffAt0gunVTLw7onLRnrq0_IzW7yWR7QkrmBL7jTKEn5u-qKhbwKfBstIs-bMY2Zkp18gnTxKLxoS2tFczGkPLPgizskuemMghRniWaoLcyehkd3qqGElvW_VDL5AaWTg0nLVkjRo9z-40RQzuVaE8AkAFmxZzow3x-VJYKdjykkJ0iT9wCS0DRTXu269V264Vf_3jvredZiKRkgwlL9xNAwxXFg0x_XFw005UWVRIkdgcKWTjpBP2dPwVZ4WWC-9aGVd-Gyn1o0CLelf4rEjGoXbAAEgAqeGUxrcIlbjXfbcmw",
+ "e": "AQAB",
+ "alg": "RS256",
+ "use": "sig"
+ },
+ {
+ "alg": "RS256",
+ "e": "AQAB",
+ "key_ops": [
+ "verify"
+ ],
+ "kty": "RSA",
+ "n": "xOHb-i1WDfeAvsbXTSOtosl3hCUDHQ8fRDqX_Rt998-hZDJmAoPOu4J-wcwq5aZtSn_iWUYLcK2WmC_1n-p1eyc-Pl4CBnxF7LUjCk-WGhniaCzXC5I5RON6c5N-MdE0UfukK0PM0zD3iQonZq0fIsnOYyFdYdWvQ5XW-C2aLlq2FUKrjmhAav10jIC0KGd2dHRzauzfLMUmt_iMnpU84Xrur1zRYzBO4D90rN0ypC2HH7o_zI8Osx4o1L8BScW78545sWyVbaprhBV1I2Sa4SH3NAc25ej3RIh-f13Yu97FVfO0AIG4VfFiaMmsTqNTCiBkM20tXD2Z-cHJTKemXzFgInJoqFLAkHLzJ0lPvAkKOgAOufLHa7RA-C276OXd72IXPsL1UOLN4sjhGqTtaynVa00yuHdi3f4-aoy9F9SUJeWfPg--nZNLzuI0eyufsTFywnx1bTQ_kdYlEr0dRE5sujlMk3cZ7FmOQRvcjA9MxFzoVKMmlZc6LMCgqw-P",
+ "use": "sig",
+ "kid": "b520b3c2c4bd75a10e9cebc9576933dc"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/examples/static-file-server/files/wasm/envoy_filter_http_wasm_example.wasm b/examples/static-file-server/files/wasm/envoy_filter_http_wasm_example.wasm
new file mode 100644
index 00000000000..df2554e971e
Binary files /dev/null and b/examples/static-file-server/files/wasm/envoy_filter_http_wasm_example.wasm differ
diff --git a/examples/static-file-server/go.mod b/examples/static-file-server/go.mod
new file mode 100644
index 00000000000..69cc2a932da
--- /dev/null
+++ b/examples/static-file-server/go.mod
@@ -0,0 +1,3 @@
+module github.com/envoyproxy/static-file-server
+
+go 1.23.3
diff --git a/examples/static-file-server/go.sum b/examples/static-file-server/go.sum
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/examples/static-file-server/main.go b/examples/static-file-server/main.go
new file mode 100644
index 00000000000..1a82c1ae37f
--- /dev/null
+++ b/examples/static-file-server/main.go
@@ -0,0 +1,39 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package main
+
+import (
+ "flag"
+ "log"
+ "net/http"
+ "os"
+ "path"
+)
+
+var (
+ port string
+ directory string
+ certPath string
+)
+
+func main() {
+ flag.StringVar(&port, "port", "8080", "port to serve on")
+ flag.StringVar(&directory, "dir", "./files", "the directory of static file to host")
+ flag.StringVar(&certPath, "certPath", "/etc/certs", "path to extProcServer certificate and private key")
+ flag.Parse()
+
+ http.Handle("/", http.FileServer(http.Dir(directory)))
+
+ if _, err := os.Stat(path.Join(certPath, "tls.crt")); err != nil {
+ log.Printf("Serving %s on HTTP port: %s\n", directory, port)
+ log.Fatal(http.ListenAndServe(":"+port, nil))
+ return
+ }
+
+ log.Printf("Serving %s on HTTPS port: %s\n", directory, port)
+ log.Fatal(http.ListenAndServeTLS(":"+port,
+ path.Join(certPath, "tls.crt"), path.Join(certPath, "tls.key"), nil))
+}
diff --git a/examples/static-file-server/manifests/http.yaml b/examples/static-file-server/manifests/http.yaml
new file mode 100644
index 00000000000..e21fec0179c
--- /dev/null
+++ b/examples/static-file-server/manifests/http.yaml
@@ -0,0 +1,33 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: static-file-server
+spec:
+ selector:
+ app: static-file-server
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 8443
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: static-file-server
+ labels:
+ app: static-file-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: static-file-server
+ template:
+ metadata:
+ labels:
+ app: static-file-server
+ spec:
+ containers:
+ - name: static-file-server
+ image: envoyproxy/gateway-static-file-server
+ imagePullPolicy: IfNotPresent
diff --git a/examples/static-file-server/manifests/httproute.yaml b/examples/static-file-server/manifests/httproute.yaml
new file mode 100644
index 00000000000..beaefdbb423
--- /dev/null
+++ b/examples/static-file-server/manifests/httproute.yaml
@@ -0,0 +1,22 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+ name: backend
+spec:
+ parentRefs:
+ - name: eg
+ rules:
+ - backendRefs:
+ - group: ""
+ kind: Service
+ name: static-file-server
+ port: 443
+ weight: 1
+ matches:
+ - path:
+ type: PathPrefix
+ value: /jwt
+ - path:
+ type: PathPrefix
+ value: /wasm
+---
diff --git a/examples/static-file-server/manifests/tls.yaml b/examples/static-file-server/manifests/tls.yaml
new file mode 100644
index 00000000000..d277452efd1
--- /dev/null
+++ b/examples/static-file-server/manifests/tls.yaml
@@ -0,0 +1,95 @@
+apiVersion: v1
+data:
+ tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZVENDQWttZ0F3SUJBZ0lSQUpiK2x5QTJqZCtlUmRMTzR4Sm5kWVF3RFFZSktvWklodmNOQVFFTEJRQXcKUWpFVE1CRUdBMVVFQ2hNS1JXNTJiM2xRY205NGVURVFNQTRHQTFVRUN4TUhSMkYwWlhkaGVURVpNQmNHQTFVRQpBeE1RUlc1MmIza2dSMkYwWlhkaGVTQkRRVEFnRncweU5EQXpNVEF4TlRNeU1UZGFHQTh5TVRJME1ETXhNREUyCk16SXhOMW93SkRFUU1BNEdBMVVFQ2hNSFFXTnRaU0JEYnpFUU1BNEdBMVVFQXhNSFpHVm1ZWFZzZERDQ0FTSXcKRFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUtGUnI2cVV1WFN1N3J5bHcvVmZXbm1kM0RXWgpTcGxDUFR6QUh1V3NpOVVrbW5rTVhNOXN3Y1VQZFUyd2NNSHd1bDNpNGJwTlRkUGVWRG04K3JUVXNmaHMySWZuCmhHNW9WV0JnTkJXVEYzRnpiUmgvc3orK3p6MlBnZ0Fpb3NjYmEyVm5qaExyOUM3a0Q3QnRYNVlvSENGQ3lhT24Kem9WNVdNSnBBNHNCeGdOdkpXSU5aRUNnOUlmSWxSMDZMTGlNTXJCRTVRS2cvTG5EUkpuTEZEVFZCTDdzallpVQpZdVZtRWczMXJaOVpsNXViZ09xSU9uU2ROM2RNM1hhUnBCTWFGVXg5UDlQcmhjS3l5NVRkQ3g2MHBIYXMvaFIxCmFjcEp5VmdmRFVDdXNUUFphVFo1eXM0cmhib1l3WDN5cnZKN29lMHM4QmRZU2thT1NBTElDaU9PWGtVQ0F3RUEKQWFOdU1Hd3dEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CTUdBMVVkSlFRTU1Bb0dDQ3NHQVFVRkJ3TUJNQXdHQTFVZApFd0VCL3dRQ01BQXdId1lEVlIwakJCZ3dGb0FVVXBQMWFaMU0yS0l1UFBXck5QRFYyYzVDbmdvd0ZnWURWUjBSCkJBOHdEWUlMWlhoaGJYQnNaUzVqYjIwd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFBMkk1MmhrcEwwTXZmejQKeDk3ZjV6dlR5a1VtRWhDSVowN0g0anM0WVg2a1hLWVBzRDBlaGJFbzZUSWgyMkpWMkpyWnRuaWhMQnRGQStuUQp2Zk9QcE1LRnJMUU1DWVozMk9Na045T1pWbmNyMmpQNzNhaE9SaWloaGVBczJYTUtybHZmVWVKTFJrSlBlSVB6CnR2TlVacWExMmZ4T0Jsdy9hV1NqVk9lRDVMVm5nUStrQksydGRoL08xSjFWRGgzdVU3RHNZUThmRm1UcWR6ZzYKUWhtbjhaTXFIS3lNeitOdkt1d1h5eEtyeFZKVEl1QzJXZHhGWlZZMzdtZzJ5Vm9OdFhpSFNQMXpxVWV4SHNEKwpzUDBsZy9jUDdlaitOY3Q5WnpudUZBc2U4cUNDZnlaL2hPQ2NCblZabG1GUFgzRCtJSEpVWUpGaWVkYndsZHljCmw1eG1jaFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+ tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBb1ZHdnFwUzVkSzd1dktYRDlWOWFlWjNjTlpsS21VSTlQTUFlNWF5TDFTU2FlUXhjCnoyekJ4UTkxVGJCd3dmQzZYZUxodWsxTjA5NVVPYno2dE5TeCtHelloK2VFYm1oVllHQTBGWk1YY1hOdEdIK3oKUDc3UFBZK0NBQ0tpeHh0clpXZU9FdXYwTHVRUHNHMWZsaWdjSVVMSm82Zk9oWGxZd21rRGl3SEdBMjhsWWcxawpRS0QwaDhpVkhUb3N1SXd5c0VUbEFxRDh1Y05FbWNzVU5OVUV2dXlOaUpSaTVXWVNEZld0bjFtWG01dUE2b2c2CmRKMDNkMHpkZHBHa0V4b1ZUSDAvMCt1RndyTExsTjBMSHJTa2RxeitGSFZweWtuSldCOE5RSzZ4TTlscE5ubksKeml1RnVoakJmZkt1OG51aDdTendGMWhLUm81SUFzZ0tJNDVlUlFJREFRQUJBb0lCQVFDVGlZUGh2TGVJa2R6aQpSN0RhbnVTK1NiUDJpVVlDdU9RTXhhRDhhVHhTS1hIbHQzckNjak1kcVMrZFovc1lSTFFOM2N5WWVNN3ZNRzFUCmlSUzVnYlZyQVJGZjZrdmlOaVd2U1EwWmxqZGdtVEp6cjRjZWk4STZDUi9hUTlNZnltSUVraHNNRHlSNkpqWjcKSXV6REJkZ0VTM0xpN0R3ak1vSU0rOEl6eGVGMWpTT1ErTjlLcTB3QzMzVzFuOVdIYXZWcWZvcjI0bmVySG9FcwozNmlUMncvdkU1dFJBTFlEbjh6MFp5YUM1d3Nnb3FyTG5UWXlMcnVKWnNGa1NxN25GWEE3cjhXL0dLQjBoL3ZaCmNzYkRlWU1WMjJNckdRTzhYSlAwM3J0cm9DQWJmUUhRd3lEbnpsTFJ3blNGRmhjV0F5UW9qbkozb0RQbzhZaXoKam1meVd5WlpBb0dCQU0vZGtqMGhFZm05SHBBL1dyTGVEb0V5WWtKL3N1R3RyWlpSNS9INnJieHphQ2FlQ3B0UApZQ25JcnBoMjRVYWFvaXFJY0pnazRXRjBmU3RhRnh0SkxSYXpBVElUUFlCZjF0OEEwYkhjN3UxMExiWlZkMG5uCk1lWVJPYlhzQXlvdmxNcm1ZclBPWWFXSEtJL1oyT3NLeC83UkhTcnEwZm1ZcUFYSXpzK2V1Ryt6QW9HQkFNYXMKem9YdlJwVDZGNndYaU5QemFqamc5MHJFMFhZZ0g3VkEvWHJsbUp5MVFRYy8rZzJ1ZXVYMGJ5aVhYY0FMY3BINAoybFlYcEZaelNPRkd6Z01DMEtuQkJyWmxsYWIweUczbWhsWjRtbkFhbmtSUFh4bWpDdmgvZmtkYStlQ1RCMFdHCjBOY3RQSFVvSk9GNWpLNmtxVy9rWVpkWVRPV1FjczNybURFWCtENG5Bb0dCQUwwdkhRenp6MGRyMzZoTGNRSUEKWmxVaUJSb2UzVERYQUhraWZLYllqMDFJQUErOW9VdXZWNGRQOWRBZnluS1hCR2NQbk9Kc0ZwQzdFN3prRnNtbgp0UmpHdkp6VnRCRGxxVXQzbEdKOEFSMHVzdmdUR3ltdytOSTY5VHBrM3BDRGs3bURLMndZdHZpUFpkUmU0alV4CnI4cDBpa1pvUjhrU0xrSnRmQVNzb1pKUEFvR0FWSTk4bjNrR082WnVxT3FqYkVMd2RTRWJZQkdCYlp1aW8wejAKRm5qZWllU0R0d2c5NzlEUnNrcGxmWXRmZGJ2cG1jT25lbms1a3lvaVhPLzhBMEFSZkE4U1FsUGViRjlIWjY5MApnaDEyN2p3R0hPRURneS9vSFhoMlVQeWgyam42SUZlUFQrYUxFdnB4S0I3S0NCTkJvc1E3M1dUUjVldWpVWTN6CkN3SSt3SVVDZ1lFQXJVQ0k4cng3MVd4S3A0dnNObTJpM2JlT3lYa3dVaFhKUmhmL0cwZk5vc2FhT0RvVEdNT1oKVlRRci9hVWJlQ2pWMlZENTEyVkJEQlZnYUNnZ1ZZS3pSMXpJSDFlMXZzVjhQVjN1Snh0Q2FLT3daTHV4OS9HQQp0QzJOKzFTY05GWkxtU3Z0MzU2WG5EL3VwRUcyeVMydmFURDU1K3FVUlVFWk1TWDlPdFpSL2JBPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
+kind: Secret
+metadata:
+ name: static-file-server-tls
+type: kubernetes.io/tls
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: static-file-server
+spec:
+ selector:
+ app: static-file-server
+ ports:
+ - protocol: TCP
+ port: 443
+ targetPort: 8443
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: static-file-server
+ labels:
+ app: static-file-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: static-file-server
+ template:
+ metadata:
+ labels:
+ app: static-file-server
+ spec:
+ containers:
+ - name: static-file-server
+ image: envoyproxy/gateway-static-file-server
+ imagePullPolicy: IfNotPresent
+ args:
+ - "--certPath=/app/certs"
+ - "--port=8443"
+ volumeMounts:
+ - name: secret-volume
+ mountPath: /app/certs
+ volumes:
+ - name: secret-volume
+ secret:
+ secretName: static-file-server-tls
+---
+apiVersion: gateway.networking.k8s.io/v1alpha3
+kind: BackendTLSPolicy
+metadata:
+ name: static-file-server
+spec:
+ targetRefs:
+ - group: ""
+ kind: Service
+ name: static-file-server
+ sectionName: "443"
+ validation:
+ caCertificateRefs:
+ - name: backend-tls-checks-certificate
+ group: ""
+ kind: ConfigMap
+ hostname: example.com
+---
+apiVersion: v1
+data:
+ ca.crt: |
+ -----BEGIN CERTIFICATE-----
+ MIIDQzCCAiugAwIBAgIBATANBgkqhkiG9w0BAQsFADBCMRMwEQYDVQQKEwpFbnZv
+ eVByb3h5MRAwDgYDVQQLEwdHYXRld2F5MRkwFwYDVQQDExBFbnZveSBHYXRld2F5
+ IENBMCAXDTI0MDMxMDE1MzIxN1oYDzIxMjQwMzEwMTYzMjE3WjBCMRMwEQYDVQQK
+ EwpFbnZveVByb3h5MRAwDgYDVQQLEwdHYXRld2F5MRkwFwYDVQQDExBFbnZveSBH
+ YXRld2F5IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ZFmGB4e
+ m1KdGEohAZBfqydAEGLDHJ1YyfHWdd+vBAevdW64bZx3pggJOtgCnePuFd02rDQS
+ dlsJlX/6mFtoQilo6wvxDSJRfaTDbtfTjw+7k8yfd/Jsmh0RWG+UeyI7Na9sXAz7
+ b57mpxsCoNowzeK5ETiOGGNWPcjENJkSnBarz5muN00xIZWBU+yN5PLJNxZvxpZJ
+ Ol/SSI8sno0e0PxAmp3fe7QaXiZj/TAGJPGuTJkUxrHqyZGJtYUxsS8A0dT1zBjj
+ izA5Dp+b5yzYo23Hh7BgpbZ7X4gsDThFuwCD6fHyepuv2zHPqvSsdqg2hAhDp91R
+ zrn7a9GxG2VSIwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+ AwEB/zAdBgNVHQ4EFgQUUpP1aZ1M2KIuPPWrNPDV2c5CngowDQYJKoZIhvcNAQEL
+ BQADggEBAGSEkAVz+Z0qS4FmA0q4SCpIIq64bsdEjiUzev7pK1LEK0/Y28QBPixV
+ cUXfax18VPR9pls1JgXto9qY+C0hnRZic6611QTJlWK1p6dinQ/eDdYCBC+nv5xx
+ ssASwmplIxMvj3S1qF6dr7sMI2ZVD5HElTWdO19UBLyhiKKZW2KxDsYj+5NRwGFe
+ G+JuDgq7njUM8mdyYk0NehefdBUEUUCQtnwUtW95/429XwqQROuRDteGT9kjD+Y5
+ ea5mW4mfqLeuGJXZs9bdWjKKdLQPrn9IshPysWqz2Hz8dQ1f7N9/g8UWVSjd4cyx
+ S5EAolzVv0yB7wHCWCgfG/ckdOTUNnE=
+ -----END CERTIFICATE-----
+kind: ConfigMap
+metadata:
+ name: backend-tls-checks-certificate
diff --git a/go.mod b/go.mod
index 68fd42b5a31..7d45c395ef0 100644
--- a/go.mod
+++ b/go.mod
@@ -1,14 +1,14 @@
module github.com/envoyproxy/gateway
-go 1.23.1
+go 1.23.3
replace github.com/imdario/mergo => github.com/imdario/mergo v0.3.16
require (
- fortio.org/fortio v1.67.1
+ fortio.org/fortio v1.68.0
fortio.org/log v1.17.1
github.com/Masterminds/semver/v3 v3.3.0
- github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20
+ github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc
github.com/docker/cli v27.3.1+incompatible
github.com/dominikbraun/graph v0.23.0
@@ -21,7 +21,7 @@ require (
github.com/go-logr/zapr v1.3.0
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.4
- github.com/google/cel-go v0.21.0
+ github.com/google/cel-go v0.22.0
github.com/google/go-cmp v0.6.0
github.com/google/go-containerregistry v0.20.2
github.com/hashicorp/go-multierror v1.1.1
@@ -34,20 +34,20 @@ require (
github.com/stretchr/testify v1.9.0
github.com/telepresenceio/watchable v0.0.0-20220726211108-9bb86f92afa7
github.com/tsaarni/certyaml v0.10.0
- go.opentelemetry.io/otel v1.31.0
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0
- go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0
- go.opentelemetry.io/otel/exporters/prometheus v0.53.0
- go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.31.0
- go.opentelemetry.io/otel/metric v1.31.0
- go.opentelemetry.io/otel/sdk/metric v1.31.0
+ go.opentelemetry.io/otel v1.32.0
+ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0
+ go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0
+ go.opentelemetry.io/otel/exporters/prometheus v0.54.0
+ go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0
+ go.opentelemetry.io/otel/metric v1.32.0
+ go.opentelemetry.io/otel/sdk/metric v1.32.0
go.opentelemetry.io/proto/otlp v1.3.1
go.uber.org/zap v1.27.0
golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e
- golang.org/x/sys v0.26.0
- google.golang.org/protobuf v1.35.1
+ golang.org/x/sys v0.27.0
+ google.golang.org/protobuf v1.35.2
gopkg.in/yaml.v3 v3.0.1
- helm.sh/helm/v3 v3.16.2
+ helm.sh/helm/v3 v3.16.3
k8s.io/api v0.31.2
k8s.io/apiextensions-apiserver v0.31.2
k8s.io/apimachinery v0.31.2
@@ -65,12 +65,12 @@ require (
github.com/docker/docker v27.3.1+incompatible
github.com/replicatedhq/troubleshoot v0.107.5
github.com/tetratelabs/func-e v1.1.5-0.20240822223546-c85a098d5bf0
- google.golang.org/grpc v1.67.1
+ google.golang.org/grpc v1.68.0
sigs.k8s.io/kubectl-validate v0.0.5-0.20240827210056-ce13d95db263
)
require (
- cel.dev/expr v0.16.0 // indirect
+ cel.dev/expr v0.18.0 // indirect
dario.cat/mergo v1.0.1 // indirect
filippo.io/edwards25519 v1.1.0 // indirect
fortio.org/cli v1.9.2 // indirect
@@ -95,8 +95,8 @@ require (
github.com/c9s/goprocinfo v0.0.0-20170724085704-0010a05ce49f // indirect
github.com/cilium/ebpf v0.16.0 // indirect
github.com/containerd/cgroups/v3 v3.0.3 // indirect
- github.com/containerd/containerd v1.7.20 // indirect
- github.com/containerd/errdefs v0.1.0 // indirect
+ github.com/containerd/containerd v1.7.23 // indirect
+ github.com/containerd/errdefs v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
@@ -107,7 +107,7 @@ require (
github.com/coreos/go-semver v0.3.1 // indirect
github.com/coreos/go-systemd/v22 v22.5.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
- github.com/cyphar/filepath-securejoin v0.3.1 // indirect
+ github.com/cyphar/filepath-securejoin v0.3.4 // indirect
github.com/distribution/distribution/v3 v3.0.0-beta.1 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/distribution v2.8.3+incompatible // indirect
@@ -208,7 +208,7 @@ require (
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 // indirect
- golang.org/x/crypto v0.28.0 // indirect
+ golang.org/x/crypto v0.29.0 // indirect
golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
@@ -246,7 +246,7 @@ require (
github.com/google/uuid v1.6.0 // indirect
github.com/gorilla/websocket v1.5.1 // indirect
github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
- github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
+ github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 // indirect
github.com/imdario/mergo v1.0.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
@@ -272,21 +272,21 @@ require (
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/tsaarni/x500dn v1.0.0 // indirect
github.com/xlab/treeprint v1.2.0 // indirect
- go.opentelemetry.io/otel/sdk v1.31.0
- go.opentelemetry.io/otel/trace v1.31.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.32.0
+ go.opentelemetry.io/otel/trace v1.32.0 // indirect
go.starlark.net v0.0.0-20240520160348-046347dcd104 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/mod v0.21.0 // indirect
- golang.org/x/net v0.30.0
+ golang.org/x/net v0.31.0
golang.org/x/oauth2 v0.23.0 // indirect
- golang.org/x/sync v0.8.0 // indirect
- golang.org/x/term v0.25.0 // indirect
- golang.org/x/text v0.19.0 // indirect
+ golang.org/x/sync v0.9.0 // indirect
+ golang.org/x/term v0.26.0 // indirect
+ golang.org/x/text v0.20.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.24.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9
- google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
k8s.io/component-base v0.31.2 // indirect
diff --git a/go.sum b/go.sum
index 00d7b32bb36..badf41ee3da 100644
--- a/go.sum
+++ b/go.sum
@@ -1,5 +1,5 @@
-cel.dev/expr v0.16.0 h1:yloc84fytn4zmJX2GU3TkXGsaieaV7dQ057Qs4sIG2Y=
-cel.dev/expr v0.16.0/go.mod h1:TRSuuV7DlVCE/uwv5QbAiW/v8l5O8C4eEPHeu7gf7Sg=
+cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo=
+cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU=
@@ -13,8 +13,8 @@ fortio.org/cli v1.9.2 h1:17eJ8QZPjXHcLBpeCe0QMO/0fj5Bw0ZTxVgL7V9jOqc=
fortio.org/cli v1.9.2/go.mod h1:7r55OoTV8NXcTvJT4boWk8s3I2LP6TMZh/0LLMJEYw0=
fortio.org/dflag v1.7.3 h1:yws+v+/fJ67bYgrgcWpLtgdZPEWkYuwdfqz/WyQ8UXo=
fortio.org/dflag v1.7.3/go.mod h1:O1Pk4lKRolw9wwAGyjTo8IsNyqqNRQGKxPOfpOElMqM=
-fortio.org/fortio v1.67.1 h1:KAYyeu6z/01d/QwJm2dCVIadAhd8jNsezJHhlkoOMwU=
-fortio.org/fortio v1.67.1/go.mod h1:XfrXH/BJ/hhxBXHj9z8FaqvsBbnf46SLyoWtPgopDlU=
+fortio.org/fortio v1.68.0 h1:2M9RuitiN+MgW6QlTJCHjW6PJLAPj/YCXegxSCLQ3rw=
+fortio.org/fortio v1.68.0/go.mod h1:1IjDaEoT5crHBN7BRLBwrHE24pIT6rOPKrYG3jEIWaA=
fortio.org/log v1.17.1 h1:YQoGyZBnXTVIs77/nZw7BppwSOIamP3I092PGBenBZs=
fortio.org/log v1.17.1/go.mod h1:t58Spg9njjymvRioh5F6qKGSupEsnMjXLGWIS1i3khE=
fortio.org/safecast v1.0.0 h1:dr3131WPX8iS1pTf76+39WeXbTrerDYLvi9s7Oi3wiY=
@@ -123,17 +123,17 @@ github.com/cilium/ebpf v0.16.0 h1:+BiEnHL6Z7lXnlGUsXQPPAE7+kenAd4ES8MQ5min0Ok=
github.com/cilium/ebpf v0.16.0/go.mod h1:L7u2Blt2jMM/vLAVgjxluxtBKlz3/GWjB0dMOEngfwE=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20 h1:N+3sFI5GUjRKBi+i0TxYVST9h4Ie192jJWpHvthBBgg=
-github.com/cncf/xds/go v0.0.0-20240723142845-024c85f92f20/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
+github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78 h1:QVw89YDxXxEe+l8gU8ETbOasdwEV+avkR75ZzsVV9WI=
+github.com/cncf/xds/go v0.0.0-20240905190251-b4127c9b8d78/go.mod h1:W+zGtBO5Y1IgJhy4+A9GOqVhqLpfZi+vwmdNXUehLA8=
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0=
github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
-github.com/containerd/containerd v1.7.20 h1:Sl6jQYk3TRavaU83h66QMbI2Nqg9Jm6qzwX57Vsn1SQ=
-github.com/containerd/containerd v1.7.20/go.mod h1:52GsS5CwquuqPuLncsXwG0t2CiUce+KsNHJZQJvAgR0=
+github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ=
+github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
-github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
-github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
+github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
+github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
@@ -170,8 +170,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY=
github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyphar/filepath-securejoin v0.3.1 h1:1V7cHiaW+C+39wEfpH6XlLBQo3j/PciWFrgfCLS8XrE=
-github.com/cyphar/filepath-securejoin v0.3.1/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc=
+github.com/cyphar/filepath-securejoin v0.3.4 h1:VBWugsJh2ZxJmLFSM06/0qzQyiQX2Qs0ViKrUAcqdZ8=
+github.com/cyphar/filepath-securejoin v0.3.4/go.mod h1:8s/MCNJREmFK0H02MF6Ihv1nakJe4L/w3WZLHNkvlYM=
github.com/datawire/dlib v1.3.0 h1:KkmyXU1kwm3oPBk1ypR70YbcOlEXWzEbx5RE0iRXTGk=
github.com/datawire/dlib v1.3.0/go.mod h1:NiGDmetmbkBvtznpWSx6C0vA0s0LK9aHna3LJDqjruk=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -386,8 +386,8 @@ github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Z
github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU=
github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4=
-github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI=
-github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc=
+github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g=
+github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -447,8 +447,8 @@ github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t
github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo=
github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 h1:asbCHRVmodnJTuQ3qamDwqVOIjwqUPTYmYuemVOx+Ys=
-github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0/go.mod h1:ggCgvZ2r7uOoQjOyu2Y1NhHmEPPzzuhWgcza5M1Ji1I=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0 h1:ad0vkEBuk23VJzZR9nkLVG0YAoN9coASF1GusYX6AlU=
+github.com/grpc-ecosystem/grpc-gateway/v2 v2.23.0/go.mod h1:igFoXX2ELCW06bol23DWPB5BEWfZISOzSP5K2sbLea0=
github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I=
github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
@@ -894,32 +894,32 @@ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.5
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA=
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg=
-go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
-go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0 h1:FZ6ei8GFW7kyPYdxJaV2rgI6M+4tvZzhYsQ2wgyVC08=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.31.0/go.mod h1:MdEu/mC6j3D+tTEfvI15b5Ci2Fn7NneJ71YMoiS3tpI=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0 h1:ZsXq73BERAiNuuFXYqP4MR5hBrjXfMGSO+Cx7qoOZiM=
-go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.31.0/go.mod h1:hg1zaDMpyZJuUzjFxFsRYBoccE86tM9Uf4IqNMUxvrY=
+go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
+go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0 h1:j7ZSD+5yn+lo3sGV69nW04rRR0jhYnBwjuX3r0HvnK0=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v1.32.0/go.mod h1:WXbYJTUaZXAbYd8lbgGuvih0yuCfOFC5RJoYnoLcGz8=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0 h1:t/Qur3vKSkUCcDVaSumWF2PKHt85pc7fRvFuoVT8qFU=
+go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp v1.32.0/go.mod h1:Rl61tySSdcOJWoEgYZVtmnKdA0GeKrSqkHC1t+91CH8=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0 h1:qFffATk0X+HD+f1Z8lswGiOQYKHRlzfmdJm0wEaVrFA=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.27.0/go.mod h1:MOiCmryaYtc+V0Ei+Tx9o5S1ZjA7kzLucuVuyzBZloQ=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I=
-go.opentelemetry.io/otel/exporters/prometheus v0.53.0 h1:QXobPHrwiGLM4ufrY3EOmDPJpo2P90UuFau4CDPJA/I=
-go.opentelemetry.io/otel/exporters/prometheus v0.53.0/go.mod h1:WOAXGr3D00CfzmFxtTV1eR0GpoHuPEu+HJT8UWW2SIU=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.31.0 h1:HZgBIps9wH0RDrwjrmNa3DVbNRW60HEhdzqZFyAp3fI=
-go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.31.0/go.mod h1:RDRhvt6TDG0eIXmonAx5bd9IcwpqCkziwkOClzWKwAQ=
+go.opentelemetry.io/otel/exporters/prometheus v0.54.0 h1:rFwzp68QMgtzu9PgP3jm9XaMICI6TsofWWPcBDKwlsU=
+go.opentelemetry.io/otel/exporters/prometheus v0.54.0/go.mod h1:QyjcV9qDP6VeK5qPyKETvNjmaaEc7+gqjh4SS0ZYzDU=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0 h1:SZmDnHcgp3zwlPBS2JX2urGYe/jBKEIT6ZedHRUyCz8=
+go.opentelemetry.io/otel/exporters/stdout/stdoutmetric v1.32.0/go.mod h1:fdWW0HtZJ7+jNpTKUR0GpMEDP69nR8YBJQxNiVCE3jk=
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0 h1:VhlEQAPp9R1ktYfrPk5SOryw1e9LDDTZCbIPFrho0ec=
go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.21.0/go.mod h1:kB3ufRbfU+CQ4MlUcqtW8Z7YEOBeK2DJ6CmR5rYYF3E=
-go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
-go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
-go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk=
-go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0=
-go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc=
-go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8=
-go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
-go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
+go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
+go.opentelemetry.io/otel/sdk v1.32.0 h1:RNxepc9vK59A8XsgZQouW8ue8Gkb4jpWtJm9ge5lEG4=
+go.opentelemetry.io/otel/sdk v1.32.0/go.mod h1:LqgegDBjKMmb2GC6/PrTnteJG39I8/vJCAP9LlJXEjU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0 h1:rZvFnvmvawYb0alrYkjraqJq0Z4ZUJAiyYCU9snn1CU=
+go.opentelemetry.io/otel/sdk/metric v1.32.0/go.mod h1:PWeZlq0zt9YkYAp3gjKZ0eicRYvOh1Gd+X99x6GHpCQ=
+go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
+go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0=
go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8=
go.starlark.net v0.0.0-20240520160348-046347dcd104 h1:3qhteRISupnJvaWshOmeqEUs2y9oc/+/ePPvDh3Eygg=
@@ -944,8 +944,8 @@ golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8U
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008 h1:vKHSxFhPLnBEYu9R8DcQ4gXq9EqU0VVhC9pq9wmtYsg=
golang.org/x/crypto/x509roots/fallback v0.0.0-20240904212608-c9da6b9a4008/go.mod h1:kNa9WdvYnzFwC79zRpLRMJbdEFlhyM5RPFBBZp/wWH8=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -982,8 +982,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -996,8 +996,8 @@ golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1035,17 +1035,17 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
-golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
@@ -1088,10 +1088,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY=
google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo=
-google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:T6rh4haD3GVYsgEfWExoCZA2o2FmbNyKpTuAxbEFPTg=
-google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
@@ -1100,8 +1100,8 @@ google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQ
google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
-google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
+google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
@@ -1111,8 +1111,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2
google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU=
google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
-google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
-google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
+google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io=
+google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20160105164936-4f90aeace3a2/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -1152,8 +1152,8 @@ gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU=
gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU=
-helm.sh/helm/v3 v3.16.2 h1:Y9v7ry+ubQmi+cb5zw1Llx8OKHU9Hk9NQ/+P+LGBe2o=
-helm.sh/helm/v3 v3.16.2/go.mod h1:SyTXgKBjNqi2NPsHCW5dDAsHqvGIu0kdNYNH9gQaw70=
+helm.sh/helm/v3 v3.16.3 h1:kb8bSxMeRJ+knsK/ovvlaVPfdis0X3/ZhYCSFRP+YmY=
+helm.sh/helm/v3 v3.16.3/go.mod h1:zeVWGDR4JJgiRbT3AnNsjYaX8OTJlIE9zC+Q7F7iUSU=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
diff --git a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
index 26e42496459..e81c777ee74 100644
--- a/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/default-resources.all.yaml
@@ -772,7 +772,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -792,7 +791,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -819,7 +817,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -839,7 +836,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -859,7 +855,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -891,7 +886,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -950,7 +946,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8080
defaultFilterChain:
filters:
@@ -1017,7 +1014,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 1234
filterChains:
- filters:
@@ -1056,7 +1054,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8443
filterChains:
- filterChainMatch:
@@ -1102,7 +1101,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 1234
protocol: UDP
listenerFilters:
diff --git a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml
index cc99b73a833..9bb0bc2ac1c 100644
--- a/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/echo-gateway-api.cluster.yaml
@@ -100,7 +100,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
index a89e4bcdae3..96f794bb456 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.json
@@ -458,7 +458,6 @@
"localityWeightedLbConfig": {}
},
"connectTimeout": "10s",
- "dnsLookupFamily": "V4_ONLY",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
@@ -488,7 +487,6 @@
"localityWeightedLbConfig": {}
},
"connectTimeout": "10s",
- "dnsLookupFamily": "V4_ONLY",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
@@ -529,7 +527,6 @@
"localityWeightedLbConfig": {}
},
"connectTimeout": "10s",
- "dnsLookupFamily": "V4_ONLY",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
@@ -559,7 +556,6 @@
"localityWeightedLbConfig": {}
},
"connectTimeout": "10s",
- "dnsLookupFamily": "V4_ONLY",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
@@ -589,7 +585,6 @@
"localityWeightedLbConfig": {}
},
"connectTimeout": "10s",
- "dnsLookupFamily": "V4_ONLY",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
@@ -637,7 +632,8 @@
],
"address": {
"socketAddress": {
- "address": "0.0.0.0",
+ "address": "::",
+ "ipv4Compat": true,
"portValue": 10080
}
},
@@ -728,7 +724,8 @@
],
"address": {
"socketAddress": {
- "address": "0.0.0.0",
+ "address": "::",
+ "ipv4Compat": true,
"portValue": 8080
}
},
@@ -833,7 +830,8 @@
],
"address": {
"socketAddress": {
- "address": "0.0.0.0",
+ "address": "::",
+ "ipv4Compat": true,
"portValue": 1234
}
},
@@ -898,7 +896,8 @@
],
"address": {
"socketAddress": {
- "address": "0.0.0.0",
+ "address": "::",
+ "ipv4Compat": true,
"portValue": 8443
}
},
@@ -976,7 +975,8 @@
],
"address": {
"socketAddress": {
- "address": "0.0.0.0",
+ "address": "::",
+ "ipv4Compat": true,
"portValue": 1234,
"protocol": "UDP"
}
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
index fbb1df4f5b0..e4490080e3d 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.all.yaml
@@ -251,7 +251,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -271,7 +270,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -298,7 +296,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -318,7 +315,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -338,7 +334,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -370,7 +365,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -429,7 +425,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8080
defaultFilterChain:
filters:
@@ -496,7 +493,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 1234
filterChains:
- filters:
@@ -535,7 +533,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8443
filterChains:
- filterChainMatch:
@@ -581,7 +580,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 1234
protocol: UDP
listenerFilters:
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
index 7545c4660d0..aa348c640c9 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.cluster.yaml
@@ -10,7 +10,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -30,7 +29,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -57,7 +55,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -77,7 +74,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -97,7 +93,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
index b6c94a95ae8..99b3a3f2cf5 100644
--- a/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/from-gateway-api-to-xds.listener.yaml
@@ -20,7 +20,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -79,7 +80,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8080
defaultFilterChain:
filters:
@@ -146,7 +148,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 1234
filterChains:
- filters:
@@ -185,7 +188,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8443
filterChains:
- filterChainMatch:
@@ -231,7 +235,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 1234
protocol: UDP
listenerFilters:
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
index 6ce6ee01347..a777f5cdc56 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
@@ -350,7 +350,6 @@
"localityWeightedLbConfig": {}
},
"connectTimeout": "10s",
- "dnsLookupFamily": "V4_ONLY",
"edsClusterConfig": {
"edsConfig": {
"ads": {},
@@ -380,7 +379,6 @@
"localityWeightedLbConfig": {}
},
"connectTimeout": "10s",
- "dnsLookupFamily": "V4_ONLY",
"dnsRefreshRate": "30s",
"lbPolicy": "LEAST_REQUEST",
"loadAssignment": {
@@ -460,7 +458,8 @@
],
"address": {
"socketAddress": {
- "address": "0.0.0.0",
+ "address": "::",
+ "ipv4Compat": true,
"portValue": 10080
}
},
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
index 237f0f3a4ac..c3ee0ddf26a 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
@@ -195,7 +195,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -215,7 +214,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -265,7 +263,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml
index 9d93c93a8a4..ee8af9b7c15 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.cluster.yaml
@@ -10,7 +10,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -30,7 +29,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
index 347f3302124..ed90fc0e3e2 100644
--- a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
@@ -20,7 +20,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
index 517f3482f9f..6edf19677ad 100644
--- a/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/no-service-cluster-ip.all.yaml
@@ -195,7 +195,6 @@ xds:
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -227,7 +226,8 @@ xds:
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml
index de96e757e8e..862c8e8b795 100644
--- a/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml
+++ b/internal/cmd/egctl/testdata/translate/out/quickstart.all.yaml
@@ -95,7 +95,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/cmd/envoy/shutdown_manager.go b/internal/cmd/envoy/shutdown_manager.go
index 48f624bb67a..e0b8204a61d 100644
--- a/internal/cmd/envoy/shutdown_manager.go
+++ b/internal/cmd/envoy/shutdown_manager.go
@@ -171,7 +171,7 @@ func Shutdown(drainTimeout time.Duration, minDrainDuration time.Duration, exitAt
// postEnvoyAdminAPI sends a POST request to the Envoy admin API
func postEnvoyAdminAPI(path string) error {
if resp, err := http.Post(fmt.Sprintf("http://%s:%d/%s",
- bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil {
+ "localhost", bootstrap.EnvoyAdminPort, path), "application/json", nil); err != nil {
return err
} else {
defer resp.Body.Close()
@@ -187,7 +187,7 @@ func postEnvoyAdminAPI(path string) error {
func getTotalConnections() (*int, error) {
// Send request to Envoy admin API to retrieve server.total_connections stat
if resp, err := http.Get(fmt.Sprintf("http://%s:%d//stats?filter=^server\\.total_connections$&format=json",
- bootstrap.EnvoyAdminAddress, bootstrap.EnvoyAdminPort)); err != nil {
+ "localhost", bootstrap.EnvoyAdminPort)); err != nil {
return nil, err
} else {
defer resp.Body.Close()
diff --git a/internal/gatewayapi/clienttrafficpolicy.go b/internal/gatewayapi/clienttrafficpolicy.go
index bded79d4cf9..1c8d0f8af4a 100644
--- a/internal/gatewayapi/clienttrafficpolicy.go
+++ b/internal/gatewayapi/clienttrafficpolicy.go
@@ -780,7 +780,7 @@ func (t *Translator) buildListenerTLSParameters(policy *egv1a1.ClientTrafficPoli
return irTLSConfig, nil
}
- if len(tlsParams.ALPNProtocols) > 0 {
+ if tlsParams.ALPNProtocols != nil {
irTLSConfig.ALPNProtocols = make([]string, len(tlsParams.ALPNProtocols))
for i := range tlsParams.ALPNProtocols {
irTLSConfig.ALPNProtocols[i] = string(tlsParams.ALPNProtocols[i])
diff --git a/internal/gatewayapi/envoyextensionpolicy.go b/internal/gatewayapi/envoyextensionpolicy.go
index 9ba561f1b5d..bb5da8be140 100644
--- a/internal/gatewayapi/envoyextensionpolicy.go
+++ b/internal/gatewayapi/envoyextensionpolicy.go
@@ -434,7 +434,7 @@ func (t *Translator) buildExtProc(
err error
)
- if rd, err = t.translateExtServiceBackendRefs(policy, extProc.BackendRefs, ir.GRPC, resources, envoyProxy, extProcIdx); err != nil {
+ if rd, err = t.translateExtServiceBackendRefs(policy, extProc.BackendRefs, ir.GRPC, resources, envoyProxy, "extproc", extProcIdx); err != nil {
return nil, err
}
@@ -675,6 +675,10 @@ func (t *Translator) buildWasm(
Code: code,
}
+ if config.Env != nil && len(config.Env.HostKeys) > 0 {
+ wasmIR.HostKeys = config.Env.HostKeys
+ }
+
return wasmIR, nil
}
diff --git a/internal/gatewayapi/ext_service.go b/internal/gatewayapi/ext_service.go
index e7ab19036ee..39bd5aebe47 100644
--- a/internal/gatewayapi/ext_service.go
+++ b/internal/gatewayapi/ext_service.go
@@ -29,6 +29,7 @@ func (t *Translator) translateExtServiceBackendRefs(
protocol ir.AppProtocol,
resources *resource.Resources,
envoyProxy *egv1a1.EnvoyProxy,
+ configType string,
index int, // index is used to differentiate between multiple external services in the same policy
) (*ir.RouteDestination, error) {
var (
@@ -66,7 +67,7 @@ func (t *Translator) translateExtServiceBackendRefs(
}
rs = &ir.RouteDestination{
- Name: irIndexedExtServiceDestinationName(pnn, policy.GetObjectKind().GroupVersionKind().Kind, index),
+ Name: irIndexedExtServiceDestinationName(pnn, policy.GetObjectKind().GroupVersionKind().Kind, configType, index),
Settings: ds,
}
return rs, nil
@@ -139,12 +140,12 @@ func (t *Translator) processExtServiceDestination(
return ds, nil
}
-// TODO: also refer to extension type, as Wasm may also introduce destinations
-func irIndexedExtServiceDestinationName(policyNamespacedName types.NamespacedName, policyKind string, idx int) string {
+func irIndexedExtServiceDestinationName(policyNamespacedName types.NamespacedName, policyKind string, configType string, idx int) string {
return strings.ToLower(fmt.Sprintf(
- "%s/%s/%s/%d",
+ "%s/%s/%s/%s/%d",
policyKind,
policyNamespacedName.Namespace,
policyNamespacedName.Name,
+ configType,
idx))
}
diff --git a/internal/gatewayapi/listener.go b/internal/gatewayapi/listener.go
index 30e75ad6197..71235414814 100644
--- a/internal/gatewayapi/listener.go
+++ b/internal/gatewayapi/listener.go
@@ -22,6 +22,7 @@ import (
"github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/utils"
"github.com/envoyproxy/gateway/internal/utils/naming"
+ "github.com/envoyproxy/gateway/internal/utils/net"
)
var _ ListenersTranslator = (*Translator)(nil)
@@ -99,6 +100,10 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
if !isReady {
continue
}
+
+ // EG always use `::` and set ipv4_compact with true to support both IPv4 and IPv6
+ address := net.IPv6ListenerAddress
+
// Add the listener to the Xds IR
servicePort := &protocolPort{protocol: listener.Protocol, port: int32(listener.Port)}
containerPort := servicePortToContainerPort(int32(listener.Port), gateway.envoyProxy)
@@ -107,7 +112,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
irListener := &ir.HTTPListener{
CoreListenerDetails: ir.CoreListenerDetails{
Name: irListenerName(listener),
- Address: "0.0.0.0",
+ Address: address,
Port: uint32(containerPort),
Metadata: buildListenerMetadata(listener, gateway),
IPFamily: getIPFamily(gateway.envoyProxy),
@@ -134,7 +139,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
irListener := &ir.TCPListener{
CoreListenerDetails: ir.CoreListenerDetails{
Name: irListenerName(listener),
- Address: "0.0.0.0",
+ Address: address,
Port: uint32(containerPort),
IPFamily: getIPFamily(gateway.envoyProxy),
},
@@ -150,7 +155,7 @@ func (t *Translator) ProcessListeners(gateways []*GatewayContext, xdsIR resource
irListener := &ir.UDPListener{
CoreListenerDetails: ir.CoreListenerDetails{
Name: irListenerName(listener),
- Address: "0.0.0.0",
+ Address: address,
Port: uint32(containerPort),
},
}
diff --git a/internal/gatewayapi/route.go b/internal/gatewayapi/route.go
index e51947411d8..26627a07285 100644
--- a/internal/gatewayapi/route.go
+++ b/internal/gatewayapi/route.go
@@ -302,6 +302,7 @@ func (t *Translator) processHTTPRouteRule(httpRoute *HTTPRouteContext, ruleIdx i
irRoute := &ir.HTTPRoute{
Name: irRouteName(httpRoute, ruleIdx, -1),
}
+ irRoute.Metadata = buildRouteMetadata(httpRoute, rule.Name)
processRouteTimeout(irRoute, rule)
applyHTTPFiltersContextToIRRoute(httpFiltersContext, irRoute)
ruleRoutes = append(ruleRoutes, irRoute)
@@ -362,6 +363,7 @@ func (t *Translator) processHTTPRouteRule(httpRoute *HTTPRouteContext, ruleIdx i
Name: irRouteName(httpRoute, ruleIdx, matchIdx),
SessionPersistence: sessionPersistence,
}
+ irRoute.Metadata = buildRouteMetadata(httpRoute, rule.Name)
processRouteTimeout(irRoute, rule)
if match.Path != nil {
@@ -595,6 +597,7 @@ func (t *Translator) processGRPCRouteRule(grpcRoute *GRPCRouteContext, ruleIdx i
irRoute := &ir.HTTPRoute{
Name: irRouteName(grpcRoute, ruleIdx, -1),
}
+ irRoute.Metadata = buildRouteMetadata(grpcRoute, rule.Name)
applyHTTPFiltersContextToIRRoute(httpFiltersContext, irRoute)
ruleRoutes = append(ruleRoutes, irRoute)
}
@@ -606,7 +609,7 @@ func (t *Translator) processGRPCRouteRule(grpcRoute *GRPCRouteContext, ruleIdx i
irRoute := &ir.HTTPRoute{
Name: irRouteName(grpcRoute, ruleIdx, matchIdx),
}
-
+ irRoute.Metadata = buildRouteMetadata(grpcRoute, rule.Name)
for _, headerMatch := range match.Headers {
switch GRPCHeaderMatchTypeDerefOr(headerMatch.Type, gwapiv1.GRPCHeaderMatchExact) {
case gwapiv1.GRPCHeaderMatchExact:
@@ -696,7 +699,6 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route
continue
}
hasHostnameIntersection = true
- routeMetadata := buildRouteMetadata(route)
var perHostRoutes []*ir.HTTPRoute
for _, host := range hosts {
@@ -723,7 +725,7 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route
underscoredHost := strings.ReplaceAll(host, ".", "_")
hostRoute := &ir.HTTPRoute{
Name: fmt.Sprintf("%s/%s", routeRoute.Name, underscoredHost),
- Metadata: routeMetadata,
+ Metadata: routeRoute.Metadata,
Hostname: host,
PathMatch: routeRoute.PathMatch,
HeaderMatches: routeRoute.HeaderMatches,
@@ -764,13 +766,17 @@ func (t *Translator) processHTTPRouteParentRefListener(route RouteContext, route
return hasHostnameIntersection
}
-func buildRouteMetadata(route RouteContext) *ir.ResourceMetadata {
- return &ir.ResourceMetadata{
+func buildRouteMetadata(route RouteContext, sectionName *gwapiv1.SectionName) *ir.ResourceMetadata {
+ metadata := &ir.ResourceMetadata{
Kind: route.GetObjectKind().GroupVersionKind().Kind,
Name: route.GetName(),
Namespace: route.GetNamespace(),
Annotations: filterEGPrefix(route.GetAnnotations()),
}
+ if sectionName != nil {
+ metadata.SectionName = string(*sectionName)
+ }
+ return metadata
}
func filterEGPrefix(in map[string]string) map[string]string {
diff --git a/internal/gatewayapi/securitypolicy.go b/internal/gatewayapi/securitypolicy.go
index f6fdc0e4737..56b7ef72ef3 100644
--- a/internal/gatewayapi/securitypolicy.go
+++ b/internal/gatewayapi/securitypolicy.go
@@ -373,8 +373,7 @@ func (t *Translator) translateSecurityPolicyForRoute(
if extAuth, err = t.buildExtAuth(
policy,
resources,
- gtwCtx.envoyProxy,
- ); err != nil {
+ gtwCtx.envoyProxy); err != nil {
err = perr.WithMessage(err, "ExtAuth")
errs = errors.Join(errs, err)
}
@@ -385,7 +384,7 @@ func (t *Translator) translateSecurityPolicyForRoute(
if oidc, err = t.buildOIDC(
policy,
resources,
- gtwCtx.envoyProxy); err != nil {
+ gtwCtx.envoyProxy); err != nil { // TODO zhaohuabing: Only the last EnvoyProxy is used
err = perr.WithMessage(err, "OIDC")
errs = errors.Join(errs, err)
}
@@ -468,8 +467,7 @@ func (t *Translator) translateSecurityPolicyForGateway(
if extAuth, err = t.buildExtAuth(
policy,
resources,
- gateway.envoyProxy,
- ); err != nil {
+ gateway.envoyProxy); err != nil {
err = perr.WithMessage(err, "ExtAuth")
errs = errors.Join(errs, err)
}
@@ -705,7 +703,7 @@ func (t *Translator) buildOIDCProvider(policy *egv1a1.SecurityPolicy, resources
}
if len(provider.BackendRefs) > 0 {
- if rd, err = t.translateExtServiceBackendRefs(policy, provider.BackendRefs, protocol, resources, envoyProxy, 0); err != nil {
+ if rd, err = t.translateExtServiceBackendRefs(policy, provider.BackendRefs, protocol, resources, envoyProxy, "oidc", 0); err != nil {
return nil, err
}
}
@@ -839,16 +837,21 @@ func (t *Translator) buildBasicAuth(
}, nil
}
-func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *resource.Resources, envoyProxy *egv1a1.EnvoyProxy) (*ir.ExtAuth, error) {
+func (t *Translator) buildExtAuth(
+ policy *egv1a1.SecurityPolicy,
+ resources *resource.Resources,
+ envoyProxy *egv1a1.EnvoyProxy,
+) (*ir.ExtAuth, error) {
var (
- http = policy.Spec.ExtAuth.HTTP
- grpc = policy.Spec.ExtAuth.GRPC
- backends *egv1a1.BackendCluster
- protocol ir.AppProtocol
- rd *ir.RouteDestination
- authority string
- err error
- traffic *ir.TrafficFeatures
+ http = policy.Spec.ExtAuth.HTTP
+ grpc = policy.Spec.ExtAuth.GRPC
+ backendRefs []egv1a1.BackendRef
+ backendSettings *egv1a1.ClusterSettings
+ protocol ir.AppProtocol
+ rd *ir.RouteDestination
+ authority string
+ err error
+ traffic *ir.TrafficFeatures
)
// These are sanity checks, they should never happen because the API server
@@ -861,18 +864,42 @@ func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *reso
switch {
case http != nil:
- backends = &http.BackendCluster
protocol = ir.HTTP
+ switch {
+ case len(http.BackendRefs) > 0:
+ backendRefs = http.BackendCluster.BackendRefs
+ case http.BackendRef != nil:
+ backendRefs = []egv1a1.BackendRef{
+ {
+ BackendObjectReference: *http.BackendRef,
+ },
+ }
+ default:
+ // This is a sanity check, it should never happen because the API server should have caught it
+ return nil, errors.New("http backend refs must be specified")
+ }
case grpc != nil:
- backends = &grpc.BackendCluster
protocol = ir.GRPC
+ switch {
+ case len(grpc.BackendCluster.BackendRefs) > 0:
+ backendRefs = grpc.BackendRefs
+ case grpc.BackendRef != nil:
+ backendRefs = []egv1a1.BackendRef{
+ {
+ BackendObjectReference: *grpc.BackendRef,
+ },
+ }
+ default:
+ // This is a sanity check, it should never happen because the API server should have caught it
+ return nil, errors.New("grpc backend refs must be specified")
+ }
}
- if rd, err = t.translateExtServiceBackendRefs(policy, backends.BackendRefs, protocol, resources, envoyProxy, 0); err != nil {
+ if rd, err = t.translateExtServiceBackendRefs(policy, backendRefs, protocol, resources, envoyProxy, "extauth", 0); err != nil {
return nil, err
}
- for _, backendRef := range backends.BackendRefs {
+ for _, backendRef := range backendRefs {
// Authority is the calculated hostname that will be used as the Authority header.
// If there are multiple backend referenced, simply use the first one - there are no good answers here.
// When translated to XDS, the authority is used on the filter level not on the cluster level.
@@ -882,7 +909,7 @@ func (t *Translator) buildExtAuth(policy *egv1a1.SecurityPolicy, resources *reso
}
}
- if traffic, err = translateTrafficFeatures(backends.BackendSettings); err != nil {
+ if traffic, err = translateTrafficFeatures(backendSettings); err != nil {
return nil, err
}
extAuth := &ir.ExtAuth{
diff --git a/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml b/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml
index 49d35c60700..496795222d9 100644
--- a/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml
+++ b/internal/gatewayapi/testdata/backend-invalid-feature-disabled.out.yaml
@@ -153,7 +153,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backend-with-fallback.out.yaml b/internal/gatewayapi/testdata/backend-with-fallback.out.yaml
index 74bd61795fe..94b4d02065d 100644
--- a/internal/gatewayapi/testdata/backend-with-fallback.out.yaml
+++ b/internal/gatewayapi/testdata/backend-with-fallback.out.yaml
@@ -138,7 +138,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml
index fde390c7efe..7d776a1784f 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml
@@ -121,7 +121,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml
index a5b87b3fa1f..a65ea66d0ab 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml
@@ -132,7 +132,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml
index 8489f047341..f85b9c73c3f 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml
@@ -132,7 +132,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml
index 9f4874f90f4..3467422f204 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml
@@ -266,7 +266,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -323,7 +323,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml
index 2e2186879f9..c8898169624 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml
@@ -227,7 +227,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml
index 100efbcab4f..cb968f9a6a0 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml
@@ -132,7 +132,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml
index 8ecd25a2418..207713455e8 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml
@@ -174,7 +174,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml b/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml
index f91dc4d768e..8438c8551ce 100644
--- a/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml
+++ b/internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml
@@ -129,7 +129,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml
index bb171e01da7..b64b9faa39a 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-out-of-range-error.out.yaml
@@ -249,7 +249,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -292,7 +292,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml
index 654c9bdab4a..b0b46e91d66 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit-with-invalid-value.out.yaml
@@ -249,7 +249,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -292,7 +292,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml
index d95c8a0fcc0..0db555c1cfd 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-buffer-limit.out.yaml
@@ -249,7 +249,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -292,7 +292,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml
index 8aafd70c0bb..a956f1b4706 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-override-replace.out.yaml
@@ -272,7 +272,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml
index 1a054712d80..1e671f11044 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-conditions.out.yaml
@@ -521,7 +521,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -540,7 +540,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -578,7 +578,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -612,6 +612,6 @@ xdsIR:
name: grpcroute/envoy-gateway/grpcroute-1/rule/0/match/0/*
traffic: {}
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-2/tcp
port: 10053
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml
index 02222719f3f..b263c244b51 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-status-fault-injection.out.yaml
@@ -329,7 +329,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -373,7 +373,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml
index 0a13771f373..678fc4dea50 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-use-client-protocol.out.yaml
@@ -127,7 +127,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml
index 2b49ea23741..80a166ac5d5 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers-error.out.yaml
@@ -311,7 +311,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -349,7 +349,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml
index 575bfca2e1b..a1cf0fa2af5 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-circuitbreakers.out.yaml
@@ -253,7 +253,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -296,7 +296,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml
index 12bbf12dbe7..04202343698 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-dns-settings.out.yaml
@@ -318,7 +318,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -362,7 +362,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml
index 4f964492673..792b473aba5 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-healthcheck.out.yaml
@@ -678,7 +678,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -787,7 +787,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml
index 35dbb164bf1..ca5371fc7df 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-http2.out.yaml
@@ -251,7 +251,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -293,7 +293,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml
index 245739ca233..371a3709c9f 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-httproute-timeout.out.yaml
@@ -130,7 +130,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml
index dc2ba7fb3d3..0562588ff18 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer-invalid-consistent-hash-table-size.out.yaml
@@ -201,7 +201,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml
index b2378edf754..30918a9739b 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-loadbalancer.out.yaml
@@ -421,7 +421,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -460,7 +460,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml
index d64aea61aee..bc398deeace 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-default-route-level-limit.out.yaml
@@ -150,7 +150,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml
index 0be116e1ebf..3097821b6ae 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-limit-unit.out.yaml
@@ -154,7 +154,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml
index 21cae9b09f3..f4b263b7c99 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-match-type.out.yaml
@@ -150,7 +150,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml
index 0fd1f442bd8..f92bea8d0ca 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit-invalid-multiple-route-level-limits.out.yaml
@@ -157,7 +157,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml
index f05856b9630..5f212860b63 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-local-ratelimit.out.yaml
@@ -153,7 +153,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml
index c65df985ac5..46398f5452d 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-proxyprotocol.out.yaml
@@ -245,7 +245,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -284,7 +284,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml
index 4ea1623c867..75e47abd4ec 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-distinct-invert.out.yaml
@@ -134,7 +134,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml
index 8b20cbc59c9..a19a2ed3b72 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit-invalid-regex.out.yaml
@@ -136,7 +136,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml
index 07fa997e109..37763d7d92c 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-ratelimit.out.yaml
@@ -268,7 +268,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -321,7 +321,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml
index c1542d9caec..8001e10e433 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override-invalid-valueref.out.yaml
@@ -294,7 +294,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -332,7 +332,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml
index 568a57af484..4f0f13c6740 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-response-override.out.yaml
@@ -293,7 +293,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -353,7 +353,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml
index 40ae88b602d..2ae6a02c282 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-retries.out.yaml
@@ -264,7 +264,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -310,7 +310,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml
index d032b952236..e8d3d65ed90 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-same-prefix-httproutes.out.yaml
@@ -169,7 +169,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml
index 9fa8e7235c9..e96203a9214 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-gateway.out.yaml
@@ -233,7 +233,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: default/tcp-gateway/bar
port: 8089
routes:
@@ -292,7 +292,7 @@ xdsIR:
tcp:
connectTimeout: 15s
udp:
- - address: 0.0.0.0
+ - address: '::'
name: default/tcp-gateway/foo
port: 8162
route:
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml
index 5b1707b6f1a..89f07548c29 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcp-udp-listeners-apply-on-route.out.yaml
@@ -306,7 +306,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: default/tcp-gateway/bar
port: 8089
routes:
@@ -365,7 +365,7 @@ xdsIR:
tcp:
connectTimeout: 15s
udp:
- - address: 0.0.0.0
+ - address: '::'
name: default/tcp-gateway/foo
port: 8162
route:
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml
index 0213525db48..bf91d10226e 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-tcpkeepalive.out.yaml
@@ -249,7 +249,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -290,7 +290,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml
index dc80d9e73a8..ab1c94ff3c9 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-error.out.yaml
@@ -127,7 +127,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml
index ea546413a59..8a25a4a2fc8 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout-targetrefs.out.yaml
@@ -237,7 +237,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -277,7 +277,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml
index 0fad514c5e8..0244bcea667 100644
--- a/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml
+++ b/internal/gatewayapi/testdata/backendtrafficpolicy-with-timeout.out.yaml
@@ -257,7 +257,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -301,7 +301,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml
index a11ad751e08..2f2cc555d95 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-format-error.out.yaml
@@ -159,7 +159,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -173,7 +173,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
connection: {}
hostnames:
- '*'
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml
index 9993a11f26d..20191e8b4ba 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit-with-out-of-range-error.out.yaml
@@ -160,7 +160,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -174,7 +174,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
connection: {}
hostnames:
- '*'
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml
index d897fac8887..bbccfc1a09e 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-buffer-limit.out.yaml
@@ -159,7 +159,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
connection:
bufferLimit: 50000000
hostnames:
@@ -175,7 +175,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
connection: {}
hostnames:
- '*'
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml
index 898d87d0be0..46d7c08e297 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-client-ip-detection.out.yaml
@@ -262,7 +262,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
clientIPDetection:
xForwardedFor:
numTrustedHops: 2
@@ -279,7 +279,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8081
- - address: 0.0.0.0
+ - address: '::'
clientIPDetection:
customHeader:
failClosed: false
@@ -297,7 +297,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8082
- - address: 0.0.0.0
+ - address: '::'
clientIPDetection:
customHeader:
failClosed: true
@@ -315,7 +315,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8083
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml
index 705e23a8d0e..d5d78569444 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit-error.out.yaml
@@ -161,7 +161,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -175,7 +175,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml
index e4f163f5963..6f99ddff5b9 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-connection-limit.out.yaml
@@ -161,7 +161,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
connection:
limit:
closeDelay: 10s
@@ -179,7 +179,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
connection: {}
hostnames:
- '*'
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml
index efd290c9b1a..94a5074c65b 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-for-tcp-listeners.out.yaml
@@ -184,7 +184,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
connection:
bufferLimit: 50000000
limit:
@@ -210,7 +210,7 @@ xdsIR:
- h2
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
ciphers:
- cipher1
@@ -234,7 +234,7 @@ xdsIR:
- h2
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
ciphers:
- cipher1
@@ -246,7 +246,7 @@ xdsIR:
signatureAlgorithms:
- sig1
- sig2
- - address: 0.0.0.0
+ - address: '::'
connection:
bufferLimit: 50000000
limit:
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml
index 9eee58d7df7..5a27962f198 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers-error.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
enableEnvoyHeaders: true
preserveXRequestID: true
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
index 4e66bd91c64..8cc87a5b639 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-headers.out.yaml
@@ -141,7 +141,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
earlyAddRequestHeaders:
- append: true
@@ -170,7 +170,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
headers:
earlyAddRequestHeaders:
- append: true
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml
index f41c8fd3a2c..02f8f67aab8 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http-health-check.out.yaml
@@ -89,7 +89,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
healthCheck:
path: /ready
hostnames:
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml
index 8561d93004a..3343e3028ba 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http10.out.yaml
@@ -454,7 +454,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
@@ -470,7 +470,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- www.example.com
http1:
@@ -487,7 +487,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1: {}
@@ -502,7 +502,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8081
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
@@ -537,7 +537,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1: {}
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml
index 3de4101c8c6..10aec8cce97 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http2.out.yaml
@@ -163,7 +163,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http2:
@@ -181,7 +181,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- www.example.com
http2:
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml
index 814335baf87..3166e9aa700 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-http3.out.yaml
@@ -131,7 +131,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http3:
@@ -172,7 +172,7 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
maxVersion: "1.3"
minVersion: "1.2"
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml
index 94775b0aeab..8052587d753 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout-with-error.out.yaml
@@ -90,7 +90,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml
index e728cd78c63..af9a6f0c389 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-idle-timeout.out.yaml
@@ -128,7 +128,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -145,7 +145,7 @@ xdsIR:
timeout:
http:
idleTimeout: 10s
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml
index 4cac0b62d34..0846607806c 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-client-verification.out.yaml
@@ -232,7 +232,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -253,12 +253,12 @@ xdsIR:
name: envoy-gateway/target-gateway-1/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
requireClientCertificate: true
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -277,7 +277,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -298,7 +298,7 @@ xdsIR:
name: envoy-gateway/target-gateway-2/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml
index 6e47f653078..f02d213a9c4 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert-custom-data.out.yaml
@@ -544,7 +544,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -569,12 +569,12 @@ xdsIR:
name: envoy-gateway/target-gateway-1/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
requireClientCertificate: true
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -597,7 +597,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -622,7 +622,7 @@ xdsIR:
name: envoy-gateway/target-gateway-2/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
@@ -632,7 +632,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -659,7 +659,7 @@ xdsIR:
name: envoy-gateway/target-gateway-3/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
@@ -669,7 +669,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -698,7 +698,7 @@ xdsIR:
name: envoy-gateway/target-gateway-4/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
@@ -708,7 +708,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -739,7 +739,7 @@ xdsIR:
name: envoy-gateway/target-gateway-5/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml
index 8d84753bcea..386651702d9 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls-forward-client-cert.out.yaml
@@ -531,7 +531,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -556,12 +556,12 @@ xdsIR:
name: envoy-gateway/target-gateway-1/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
requireClientCertificate: true
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -584,7 +584,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -609,7 +609,7 @@ xdsIR:
name: envoy-gateway/target-gateway-2/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
@@ -619,7 +619,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -644,7 +644,7 @@ xdsIR:
name: envoy-gateway/target-gateway-3/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
@@ -654,7 +654,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -679,7 +679,7 @@ xdsIR:
name: envoy-gateway/target-gateway-4/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
@@ -689,7 +689,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
withUnderscoresAction: RejectRequest
xForwardedClientCert:
@@ -714,7 +714,7 @@ xdsIR:
name: envoy-gateway/target-gateway-5/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml
index 0ee4643dab6..5398303d3cb 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-mtls.out.yaml
@@ -231,7 +231,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -252,12 +252,12 @@ xdsIR:
name: envoy-gateway/target-gateway-1/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
requireClientCertificate: true
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -276,7 +276,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -297,7 +297,7 @@ xdsIR:
name: envoy-gateway/target-gateway-2/ca.crt
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQzc3aHZBUEFlRlJucS8KdHBHVmRKTmVjYWFqSzZrUXlDalk1ci9wWHhOQmE5dldWUUhVbkNXVk95bHBFZGg2T2ZZbUdnb0phdE1UVFlBWAorVml2TFM5WHBIOG5QQ1lhWm9CZGkyUDQxZGtuazJSekZabWwvWFI1SFp0RFpqZURPM3d2Qkpvbm0rTXhQN0JrCjVMZ2U5aEZIUndqRWJMY1k3dys3enE4QkRBeUlIdjdPSjNhN3g5L2pYMlJaRnU3TzVyNXlmRVE2RnNLY3pURG8Kb0N4ZFVrTklndHBWQ29ETEt2Ykw2MW5kTnVsZTMvbURtL3YyU3lUSHVkMVM1ZHFzcDhrSmR1OFhVUmZjMllFbApGS1d2QnRuamgvanJMTVhGY2FoVi9veEpyQ0h1dC9QQ0xiQlRBalRldVNEYXVTN09IYkpSREt3bUg3b1Z2eUlDCmFJeWFZY1pOQWdNQkFBRUNnZ0VBSG1McVd4NHZCbk9ybHFLMGVNLzM5c1lLOEVpTTlra0c5eHRJWGVSTGxCWnIKM2dTeUNSTStXRzk2ZGZkaFkxSDFPa1ZDUGpJOFNEQzRkMzA2Ymw0Ris2RW93TXFrUytjcTlrcDYzYTg3aE5TbQpOMGdxSnl3TGV5YzRXdll2ZFA2c25scnd6MXE3Vk5QbXpQUXJ6b1hIQVc2N2tpeHA1cFF3OG1oVzVQcHlidkp5Clo2TERCZGRSZkVma2ZXVnZUUk5YWUVDUEllUStST05jR3JvVzZ5RXRrbk1BWUJjdjRlNUhCQkkrcHdyYmsrOVMKY2FQYUVjdm4vS0lyT3NpVW1FT2wwb3JXVnhkbjRmMy9MNmlFZFgyZHhIdXlwYkFiL0Qwak1MSzBwb3kyaXYyTApyOGI5VUQrRVZFNmFTVnp0MFRHbVpJYUdRVVZDQnVDTDhodlYwSU9PV1FLQmdRRGplL3JXdmk4Rndia3BRNDA0CnFQcitBaEFwaG1pV3l1a1B1VmJLN2Q5ZkdURzRHOW9Bd2wzYlFoRGVUNHhjMzd0cjlkcCtpamJuWnpKWHczL1cKcm5xTDlGWkZsVXZCYXN6c05VK1lRNmJVOE9zTXl6cURSdGJaaytVWEowUEx6QzZKWHFkNTFZdVVDM3NwL2lmNwpqWEZrME55aHcrdkY3VU51N0ZFSzVuWEUwd0tCZ1FEVGZOT0RLYmZyalNkZEhkV05iOHhkN2pGMlZSY3hTTnRUCit0L0FmbkRjZG8zK1NBUnJaRi9TM0hZWUxxL0l4dmZ5ZHdIblUxdC9INkxDZjBnQ2RXS2NXL1hway93ZUo1QXYKWmdaZjBPTXZsOXF0THJhTU44OG1HblV4K2IxdHZLWm4xQVcySFNuYXd2Z0kvMWVjSldNRUJiYkREbkx4cUpMegowTHJhT2pYVVh3S0JnRGlBbE44OXdjUTJSOTFkNy9mQTBRYkNVRzFmK3g1cEs5WkIvTExPdm9xS1lYVVBSZWltClhsV1ZaVWN5anZTS2hhemRGZllVTW1ycmtPK0htWHNqUDBELzRXWExIVlBmU1NMcVl1aTQ5UGt6RmM3SnM3RGoKcVgzRlpFT0o5eWJwZ2kyUW14eUIwL2RqbXFYbGdOelVWdlBwaE1PUlBFQ2ZHLzZ6SjdZRFpBRU5Bb0dBSElVcQo2UGRKVEVTKzJEbmJ3TFVnOUZIWTdjSlAzRitjNUZoaXNFemMzMzVGYTlNK2RWVVY3eE80QVU3YWVkTUxRUEYzCm1rQ05pRGsxODlEQ1gwS0JSK0RHNnZiLyt2a080clY1aXBaYTdPSW5wVTgxWXZkcndoR3pXRWY3bWI3bEdmOW4KdmNWMURZRlpmYTBoblhjVlFVZWIrL1lJM2pvRGgwblF5UGtzcFRVQ2dZRUF0NERNajdZbStRS2J2bTJXaWNlcAo1Q2s3YWFMSUxuVHZqbGRLMkdjM2loOGVGRlE2Vy9pcUc1UUEzeHMwem8xVnhlUkhPWGkrK01xWjVWTVZMZFRWCjMxWXZOeUdPbVByTitZemVINmlTYXd5VXo2dW1UN1ZkMXRuUEJ1SmdPMFM3RnRlb01BckE3TGtDcUVhMDc4bS8KRXNxNzZjYW1WdW5kRXFTRWhGMllYNkU9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM0RENDQWNnQ0FRQXdEUVlKS29aSWh2Y05BUUVMQlFBd0xURVZNQk1HQTFVRUNnd01aWGhoYlhCc1pTQkoKYm1NdU1SUXdFZ1lEVlFRRERBdGxlR0Z0Y0d4bExtTnZiVEFlRncweU5EQXhNall5TXpFMU16RmFGdzB5TlRBeApNalV5TXpFMU16RmFNRDh4R1RBWEJnTlZCQU1NRUdWa1oyVXVaWGhoYlhCc1pTNWpiMjB4SWpBZ0JnTlZCQW9NCkdXVmtaMlVnWlhoaGJYQnNaU0J2Y21kaGJtbDZZWFJwYjI0d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUIKRHdBd2dnRUtBb0lCQVFDNzdodkFQQWVGUm5xL3RwR1ZkSk5lY2Fhaks2a1F5Q2pZNXIvcFh4TkJhOXZXVlFIVQpuQ1dWT3lscEVkaDZPZlltR2dvSmF0TVRUWUFYK1ZpdkxTOVhwSDhuUENZYVpvQmRpMlA0MWRrbmsyUnpGWm1sCi9YUjVIWnREWmplRE8zd3ZCSm9ubStNeFA3Qms1TGdlOWhGSFJ3akViTGNZN3crN3pxOEJEQXlJSHY3T0ozYTcKeDkvalgyUlpGdTdPNXI1eWZFUTZGc0tjelREb29DeGRVa05JZ3RwVkNvRExLdmJMNjFuZE51bGUzL21EbS92MgpTeVRIdWQxUzVkcXNwOGtKZHU4WFVSZmMyWUVsRktXdkJ0bmpoL2pyTE1YRmNhaFYvb3hKckNIdXQvUENMYkJUCkFqVGV1U0RhdVM3T0hiSlJES3dtSDdvVnZ5SUNhSXlhWWNaTkFnTUJBQUV3RFFZSktvWklodmNOQVFFTEJRQUQKZ2dFQkFHeW5yNGNPMWFZbjRNQk90aVJ2WHFJdllHNnpxZXNrNGpQbU96TjdiUTdyRzdNUngzSVQ2SW4zVFI4RApHbFAxVE54TTg5cXZRcXp4VERsdER3bXluTlV1SEdEUW4yV1Z1OFEyK0RqRnFoc3B1WHp0NnhVK2RoVVBxUnV1Ckt6c1l4TDNpMVlWZ2pDQWtBUmp4SGhMWHYwdkFUWUVRMlJ6Uko5c2ZGcWVCMHVxSk5WL0lHamJFSzQ2eTQ5QU0KNzU4TUY4T0R6cVR2Q3hMRjJYd3BScjdjSDFuZ2J4eUJ6cEdlbkpsVTI2Q2hJT1BMZUV1NTUyUVJYVGwrU2JlQQpXUzNpS01Pb3F5NGV0b0ExNWFueW43Zm01YnpINEcyZ3Yxd1pWYlBkT1dNQWRZU2I5NDIvR09CSWUzSnIyVHo3CjRJdDRROWFERnF1aG9iOTVQMUhHQkxSQ2Y5QT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
maxVersion: "1.3"
minVersion: "1.2"
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml
index 2cf85c63b8b..38eeb8b5a52 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-path-settings.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -140,7 +140,7 @@ xdsIR:
escapedSlashesAction: KeepUnchanged
mergeSlashes: false
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml
index 5f48ea0ed67..80d4350f638 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case-multiple-targets.out.yaml
@@ -198,7 +198,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
@@ -220,7 +220,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -234,7 +234,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml
index 4f6bfdbdf97..160cc58044c 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-preserve-case.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
@@ -143,7 +143,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml
index 0d88cb4d8fd..bfac33d66db 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-proxyprotocol.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
enableProxyProtocol: true
hostnames:
- '*'
@@ -141,7 +141,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml
index 51e89d7272b..d3daeca2460 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-ratelimitheaders.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
headers:
disableRateLimitHeaders: true
enableEnvoyHeaders: true
@@ -144,7 +144,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
headers:
disableRateLimitHeaders: true
enableEnvoyHeaders: true
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml
index f4fcac96827..726b258d2b0 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-status-conditions.out.yaml
@@ -502,7 +502,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -521,7 +521,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -536,7 +536,7 @@ xdsIR:
mergeSlashes: true
port: 10080
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-2/tcp
port: 10053
envoy-gateway/gateway-3:
@@ -544,7 +544,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -563,7 +563,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml
index 8b0e90b3848..b09699c1419 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tcp-keepalive.out.yaml
@@ -161,7 +161,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -179,7 +179,7 @@ xdsIR:
idleTime: 1200
interval: 60
probes: 3
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml
index 7d12e8b98ac..4554e319052 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout-with-error.out.yaml
@@ -90,7 +90,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml
index 664f5fe1fc7..97416a04bab 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-timeout.out.yaml
@@ -128,7 +128,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -145,7 +145,7 @@ xdsIR:
timeout:
http:
requestReceivedTimeout: 5s
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml
index bc5878a52f0..ffe526627f2 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.in.yaml
@@ -26,6 +26,29 @@ clientTrafficPolicies:
resumption:
stateless: {}
stateful: {}
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: ClientTrafficPolicy
+ metadata:
+ namespace: envoy-gateway
+ name: target-gateway-2
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-2
+ tls:
+ alpnProtocols: []
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: ClientTrafficPolicy
+ metadata:
+ namespace: envoy-gateway
+ name: target-gateway-3
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-3
+ tls:
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
@@ -52,6 +75,44 @@ gateways:
allowedRoutes:
namespaces:
from: Same
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-2
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http-1
+ protocol: HTTPS
+ port: 443
+ allowedRoutes:
+ namespaces:
+ from: Same
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - name: tls-secret-1
+ namespace: envoy-gateway
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-3
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http-1
+ protocol: HTTPS
+ port: 443
+ allowedRoutes:
+ namespaces:
+ from: Same
+ tls:
+ mode: Terminate
+ certificateRefs:
+ - name: tls-secret-1
+ namespace: envoy-gateway
secrets:
- apiVersion: v1
kind: Secret
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml
index ed684f328b4..917547923a5 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-tls-settings.out.yaml
@@ -41,6 +41,57 @@ clientTrafficPolicies:
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: ClientTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: target-gateway-2
+ namespace: envoy-gateway
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-2
+ tls: {}
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: ClientTrafficPolicy
+ metadata:
+ creationTimestamp: null
+ name: target-gateway-3
+ namespace: envoy-gateway
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-3
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-3
+ namespace: envoy-gateway
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
gateways:
- apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
@@ -118,6 +169,100 @@ gateways:
kind: HTTPRoute
- group: gateway.networking.k8s.io
kind: GRPCRoute
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-2
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: Same
+ name: http-1
+ port: 443
+ protocol: HTTPS
+ tls:
+ certificateRefs:
+ - group: null
+ kind: null
+ name: tls-secret-1
+ namespace: envoy-gateway
+ mode: Terminate
+ status:
+ listeners:
+ - attachedRoutes: 0
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http-1
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-3
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: Same
+ name: http-1
+ port: 443
+ protocol: HTTPS
+ tls:
+ certificateRefs:
+ - group: null
+ kind: null
+ name: tls-secret-1
+ namespace: envoy-gateway
+ mode: Terminate
+ status:
+ listeners:
+ - attachedRoutes: 0
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http-1
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
infraIR:
envoy-gateway/gateway-1:
proxy:
@@ -141,13 +286,43 @@ infraIR:
gateway.envoyproxy.io/owning-gateway-name: gateway-1
gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
name: envoy-gateway/gateway-1
+ envoy-gateway/gateway-2:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-2/http-1
+ ports:
+ - containerPort: 10443
+ name: https-443
+ protocol: HTTPS
+ servicePort: 443
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-2
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-2
+ envoy-gateway/gateway-3:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-3/http-1
+ ports:
+ - containerPort: 10443
+ name: https-443
+ protocol: HTTPS
+ servicePort: 443
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-3
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-3
xdsIR:
envoy-gateway/gateway-1:
accessLog:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -166,7 +341,7 @@ xdsIR:
- h2
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
ciphers:
- cipher1
@@ -180,7 +355,7 @@ xdsIR:
- sig2
statefulSessionResumption: true
statelessSessionResumption: true
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -194,3 +369,57 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8080
+ envoy-gateway/gateway-2:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: '::'
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-2
+ namespace: envoy-gateway
+ sectionName: http-1
+ name: envoy-gateway/gateway-2/http-1
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10443
+ tls:
+ alpnProtocols: []
+ certificates:
+ - name: envoy-gateway/tls-secret-1
+ privateKey: '[redacted]'
+ serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+ maxVersion: "1.3"
+ minVersion: "1.2"
+ envoy-gateway/gateway-3:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: '::'
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-3
+ namespace: envoy-gateway
+ sectionName: http-1
+ name: envoy-gateway/gateway-3/http-1
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10443
+ tls:
+ alpnProtocols: null
+ certificates:
+ - name: envoy-gateway/tls-secret-1
+ privateKey: '[redacted]'
+ serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
+ maxVersion: "1.3"
+ minVersion: "1.2"
diff --git a/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml b/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml
index 114af441730..354cec1af2d 100644
--- a/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml
+++ b/internal/gatewayapi/testdata/clienttrafficpolicy-trailers.out.yaml
@@ -125,7 +125,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
@@ -141,7 +141,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
http1:
diff --git a/internal/gatewayapi/testdata/conflicting-policies.out.yaml b/internal/gatewayapi/testdata/conflicting-policies.out.yaml
index 8acabbca876..6933902b8f9 100644
--- a/internal/gatewayapi/testdata/conflicting-policies.out.yaml
+++ b/internal/gatewayapi/testdata/conflicting-policies.out.yaml
@@ -265,7 +265,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.192.168.0.15.nip.io'
isHTTP2: false
@@ -300,7 +300,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- qccbahgo.qccbahgo
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/custom-filter-order.out.yaml b/internal/gatewayapi/testdata/custom-filter-order.out.yaml
index 043eeab1543..c840462f271 100644
--- a/internal/gatewayapi/testdata/custom-filter-order.out.yaml
+++ b/internal/gatewayapi/testdata/custom-filter-order.out.yaml
@@ -225,7 +225,7 @@ xdsIR:
- after: envoy.filters.http.basic_authn
name: envoy.filters.http.cors
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -284,7 +284,7 @@ xdsIR:
security:
basicAuth:
name: securitypolicy/envoy-gateway/policy-for-gateway
- users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
+ users: '[redacted]'
cors:
allowMethods:
- GET
diff --git a/internal/gatewayapi/testdata/disable-accesslog.out.yaml b/internal/gatewayapi/testdata/disable-accesslog.out.yaml
index b0dc0dd4bb1..2f152a026ac 100644
--- a/internal/gatewayapi/testdata/disable-accesslog.out.yaml
+++ b/internal/gatewayapi/testdata/disable-accesslog.out.yaml
@@ -119,7 +119,7 @@ infraIR:
xdsIR:
envoy-gateway/gateway-1:
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml
index df3a01d780f..85f79b1e55c 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-invalid-cross-ns-ref.out.yaml
@@ -79,7 +79,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml
index 4f055e7bc4d..c0b88b42192 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-override-replace.out.yaml
@@ -268,7 +268,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -296,7 +296,7 @@ xdsIR:
extProcs:
- authority: grpc-backend-2.default:8000
destination:
- name: envoyextensionpolicy/default/policy-for-route-1/0
+ name: envoyextensionpolicy/default/policy-for-route-1/extproc/0
settings:
- protocol: GRPC
weight: 1
@@ -325,7 +325,7 @@ xdsIR:
extProcs:
- authority: grpc-backend.envoy-gateway:9000
destination:
- name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/0
+ name: envoyextensionpolicy/envoy-gateway/policy-for-gateway-1/extproc/0
settings:
- protocol: GRPC
weight: 1
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml
index f4cc57f95ba..0db35ca4bb0 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-status-conditions.out.yaml
@@ -521,7 +521,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -540,7 +540,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -578,7 +578,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -612,6 +612,6 @@ xdsIR:
namespace: envoy-gateway
name: grpcroute/envoy-gateway/grpcroute-1/rule/0/match/0/*
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-2/tcp
port: 10053
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml
index beac28da518..2d0a54ff2da 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-matching-port.out.yaml
@@ -130,7 +130,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml
index efd62e1e0ea..53232e5735c 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-port.out.yaml
@@ -130,7 +130,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml
index ba93c2decdc..7a84bb226c8 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-reference-grant.out.yaml
@@ -132,7 +132,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml
index 066917dd152..ba22f681a33 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-invalid-no-service.out.yaml
@@ -131,7 +131,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml
index 6b9ad5ee281..81863d1acdf 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml
@@ -280,7 +280,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -308,7 +308,7 @@ xdsIR:
extProcs:
- authority: grpc-backend-2.default:9000
destination:
- name: envoyextensionpolicy/default/policy-for-http-route/0
+ name: envoyextensionpolicy/default/policy-for-http-route/extproc/0
settings:
- addressType: IP
endpoints:
@@ -349,7 +349,7 @@ xdsIR:
extProcs:
- authority: grpc-backend.envoy-gateway:8000
destination:
- name: envoyextensionpolicy/default/policy-for-gateway/0
+ name: envoyextensionpolicy/default/policy-for-gateway/extproc/0
settings:
- addressType: IP
protocol: GRPC
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml
index 021ae6a2cd5..4789f8555e3 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml
@@ -280,7 +280,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -308,7 +308,7 @@ xdsIR:
extProcs:
- authority: grpc-backend.envoy-gateway:8000
destination:
- name: envoyextensionpolicy/default/policy-for-http-route/0
+ name: envoyextensionpolicy/default/policy-for-http-route/extproc/0
settings:
- addressType: IP
protocol: GRPC
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml
index 4edde355292..93c24363c31 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-traffic-features.out.yaml
@@ -309,7 +309,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -337,7 +337,7 @@ xdsIR:
extProcs:
- authority: grpc-backend.envoy-gateway:8000
destination:
- name: envoyextensionpolicy/default/policy-for-http-route/0
+ name: envoyextensionpolicy/default/policy-for-http-route/extproc/0
settings:
- addressType: IP
protocol: GRPC
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.in.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.in.yaml
new file mode 100644
index 00000000000..c4184d15476
--- /dev/null
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.in.yaml
@@ -0,0 +1,123 @@
+secrets:
+- apiVersion: v1
+ kind: Secret
+ metadata:
+ namespace: envoy-gateway
+ name: my-pull-secret
+ data:
+ .dockerconfigjson: VGhpc0lzTm90QVJlYWxEb2NrZXJDb25maWdKc29u
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ namespace: envoy-gateway
+ name: gateway-1
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - name: http
+ protocol: HTTP
+ port: 80
+ allowedRoutes:
+ namespaces:
+ from: All
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-1
+ spec:
+ hostnames:
+ - www.example.com
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/foo"
+ backendRefs:
+ - name: service-1
+ port: 8080
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-2
+ spec:
+ hostnames:
+ - www.example.com
+ parentRefs:
+ - namespace: envoy-gateway
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: "/bar"
+ backendRefs:
+ - name: service-1
+ port: 8080
+envoyextensionpolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: EnvoyExtensionPolicy
+ metadata:
+ namespace: envoy-gateway
+ name: policy-for-gateway # This policy should attach httproute-2
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ wasm:
+ - name: wasm-filter-1
+ code:
+ type: HTTP
+ http:
+ url: https://www.example.com/wasm-filter-1.wasm
+ sha256: 2d89c4c6ab2a1c615c7696ed37ade9e50654ac70384b5d45100eb08e62130ff4
+ env:
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ - name: wasm-filter-2
+ rootID: "my-root-id"
+ code:
+ type: Image
+ image:
+ url: oci://www.example.com/wasm-filter-2:v1.0.0
+ pullSecretRef:
+ name: my-pull-secret
+ sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46
+ env:
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ - code:
+ type: Image
+ image:
+ url: www.example.com:8080/wasm-filter-3
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: EnvoyExtensionPolicy
+ metadata:
+ namespace: default
+ name: policy-for-http-route # This policy should attach httproute-1
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ wasm:
+ - name: wasm-filter-4
+ code:
+ type: HTTP
+ http:
+ url: https://www.test.com/wasm-filter-4.wasm
+ sha256: b6922722ab58109abfaa8d9eb16f339b38b2bb1c17076b083b34438b934e7463
+ failOpen: true
+ env:
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml
new file mode 100644
index 00000000000..f0dfd27144d
--- /dev/null
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-env-vars.out.yaml
@@ -0,0 +1,342 @@
+envoyExtensionPolicies:
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: EnvoyExtensionPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-http-route
+ namespace: default
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-1
+ wasm:
+ - code:
+ http:
+ sha256: b6922722ab58109abfaa8d9eb16f339b38b2bb1c17076b083b34438b934e7463
+ url: https://www.test.com/wasm-filter-4.wasm
+ type: HTTP
+ env:
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ failOpen: true
+ name: wasm-filter-4
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: EnvoyExtensionPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-gateway
+ namespace: envoy-gateway
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ wasm:
+ - code:
+ http:
+ sha256: 2d89c4c6ab2a1c615c7696ed37ade9e50654ac70384b5d45100eb08e62130ff4
+ url: https://www.example.com/wasm-filter-1.wasm
+ type: HTTP
+ env:
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ name: wasm-filter-1
+ - code:
+ image:
+ pullSecretRef:
+ group: null
+ kind: null
+ name: my-pull-secret
+ sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46
+ url: oci://www.example.com/wasm-filter-2:v1.0.0
+ type: Image
+ env:
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ name: wasm-filter-2
+ rootID: my-root-id
+ - code:
+ image:
+ sha256: null
+ url: www.example.com:8080/wasm-filter-3
+ type: Image
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: 'This policy is being overridden by other envoyExtensionPolicies
+ for these routes: [default/httproute-1]'
+ reason: Overridden
+ status: "True"
+ type: Overridden
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+gateways:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: Gateway
+ metadata:
+ creationTimestamp: null
+ name: gateway-1
+ namespace: envoy-gateway
+ spec:
+ gatewayClassName: envoy-gateway-class
+ listeners:
+ - allowedRoutes:
+ namespaces:
+ from: All
+ name: http
+ port: 80
+ protocol: HTTP
+ status:
+ listeners:
+ - attachedRoutes: 2
+ conditions:
+ - lastTransitionTime: null
+ message: Sending translated listener configuration to the data plane
+ reason: Programmed
+ status: "True"
+ type: Programmed
+ - lastTransitionTime: null
+ message: Listener has been successfully translated
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Listener references have been resolved
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ name: http
+ supportedKinds:
+ - group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ - group: gateway.networking.k8s.io
+ kind: GRPCRoute
+httpRoutes:
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-1
+ namespace: default
+ spec:
+ hostnames:
+ - www.example.com
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ matches:
+ - path:
+ value: /foo
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-2
+ namespace: default
+ spec:
+ hostnames:
+ - www.example.com
+ parentRefs:
+ - name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ matches:
+ - path:
+ value: /bar
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+infraIR:
+ envoy-gateway/gateway-1:
+ proxy:
+ listeners:
+ - address: null
+ name: envoy-gateway/gateway-1/http
+ ports:
+ - containerPort: 10080
+ name: http-80
+ protocol: HTTP
+ servicePort: 80
+ metadata:
+ labels:
+ gateway.envoyproxy.io/owning-gateway-name: gateway-1
+ gateway.envoyproxy.io/owning-gateway-namespace: envoy-gateway
+ name: envoy-gateway/gateway-1
+xdsIR:
+ envoy-gateway/gateway-1:
+ accessLog:
+ text:
+ - path: /dev/stdout
+ http:
+ - address: '::'
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-1/http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ envoyExtensions:
+ wasms:
+ - config: null
+ failOpen: true
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ httpWasmCode:
+ originalDownloadingURL: https://www.test.com/wasm-filter-4.wasm
+ servingURL: https://envoy-gateway:18002/fe571e7b1ef5dc626ceb2c2c86782a134a92989a2643485238951696ae4334c3.wasm
+ sha256: b6922722ab58109abfaa8d9eb16f339b38b2bb1c17076b083b34438b934e7463
+ name: envoyextensionpolicy/default/policy-for-http-route/wasm/0
+ wasmName: wasm-filter-4
+ hostname: www.example.com
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-1
+ namespace: default
+ name: httproute/default/httproute-1/rule/0/match/0/www_example_com
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /foo
+ - destination:
+ name: httproute/default/httproute-2/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ envoyExtensions:
+ wasms:
+ - config: null
+ failOpen: false
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ httpWasmCode:
+ originalDownloadingURL: https://www.example.com/wasm-filter-1.wasm
+ servingURL: https://envoy-gateway:18002/5c90b9a82642ce00a7753923fabead306b9d9a54a7c0bd2463a1af3efcfb110b.wasm
+ sha256: 2d89c4c6ab2a1c615c7696ed37ade9e50654ac70384b5d45100eb08e62130ff4
+ name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/0
+ wasmName: wasm-filter-1
+ - config: null
+ failOpen: false
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
+ httpWasmCode:
+ originalDownloadingURL: oci://www.example.com/wasm-filter-2:v1.0.0
+ servingURL: https://envoy-gateway:18002/7abf116e5cd5a20389604a5ba0f3bd04fdf76f92181fe67506b42c2ee596d3fd.wasm
+ sha256: 314100af781b98a8ca175d5bf90a8bf76576e20a2f397a88223404edc6ebfd46
+ name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/1
+ rootID: my-root-id
+ wasmName: wasm-filter-2
+ - config: null
+ failOpen: false
+ httpWasmCode:
+ originalDownloadingURL: oci://www.example.com:8080/wasm-filter-3:latest
+ servingURL: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm
+ sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee
+ name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2
+ wasmName: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2
+ hostname: www.example.com
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-2
+ namespace: default
+ name: httproute/default/httproute-2/rule/0/match/0/www_example_com
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /bar
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml
index 8c65fb9cf65..12fad598a5c 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm-targetrefs.out.yaml
@@ -207,7 +207,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml
index 368c32a4055..71173c47bd0 100644
--- a/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml
+++ b/internal/gatewayapi/testdata/envoyextensionpolicy-with-wasm.out.yaml
@@ -241,7 +241,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml
index e40792057eb..11011a07694 100644
--- a/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml
+++ b/internal/gatewayapi/testdata/envoypatchpolicy-cross-ns-target.out.yaml
@@ -61,7 +61,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml
index 4eff002f05f..f2a88d508ed 100644
--- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml
+++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-feature-disabled.out.yaml
@@ -87,7 +87,7 @@ xdsIR:
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml
index e36a5d543ac..694ba5cf0ae 100644
--- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml
+++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind-merge-gateways.out.yaml
@@ -89,7 +89,7 @@ xdsIR:
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml
index 14addeb27dc..5e28ec9e9d4 100644
--- a/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml
+++ b/internal/gatewayapi/testdata/envoypatchpolicy-invalid-target-kind.out.yaml
@@ -80,7 +80,7 @@ xdsIR:
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml
index 315fc208bad..a73b592ca7f 100644
--- a/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml
+++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid-merge-gateways.out.yaml
@@ -116,7 +116,7 @@ xdsIR:
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml
index 6ac0112c140..cb05e3a5858 100644
--- a/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml
+++ b/internal/gatewayapi/testdata/envoypatchpolicy-valid.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml
index 8695f47ecfa..eae92fd6677 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-als-json.out.yaml
@@ -182,7 +182,7 @@ xdsIR:
name: envoy-gateway-system/test
type: TCP
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml
index 6c3db20cff0..fe87871df9b 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend-invalid.out.yaml
@@ -142,7 +142,7 @@ infraIR:
xdsIR:
envoy-gateway/gateway-1:
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml
index 94763fd2522..a676d131d70 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-backend.out.yaml
@@ -153,7 +153,7 @@ xdsIR:
[%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n
path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml
index ce6e60861fc..4c9774307ba 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel-with-invalid.out.yaml
@@ -142,7 +142,7 @@ infraIR:
xdsIR:
envoy-gateway/gateway-1:
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml
index 4161575dd8a..6c41786f198 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-cel.out.yaml
@@ -177,7 +177,7 @@ xdsIR:
[%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n
path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml
index f1fc863b98e..dfa7cb9e73a 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json-no-format.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
envoy-gateway/gateway-1:
accessLog: {}
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml
index cb2e10fc988..22351893208 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-file-json.out.yaml
@@ -134,7 +134,7 @@ xdsIR:
protocol: '%PROTOCOL%'
path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml
index 9c2c0d1cf82..481d5d35e0b 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-types.out.yaml
@@ -426,7 +426,7 @@ xdsIR:
this is a Global log
path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml
index db14cc4b8e3..4d25ea17358 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-bad-sinks.out.yaml
@@ -128,7 +128,7 @@ xdsIR:
envoy-gateway/gateway-1:
accessLog: {}
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml
index 28ef831b03a..72234e5db1e 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-with-traffic.out.yaml
@@ -310,7 +310,7 @@ xdsIR:
[%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n
path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml
index 43505266ec0..f9db0b48736 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog-without-format.out.yaml
@@ -194,7 +194,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml
index 9694dd07ad7..8c2bec37bde 100644
--- a/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-accesslog.out.yaml
@@ -206,7 +206,7 @@ xdsIR:
[%START_TIME%] "%REQ(:METHOD)% %PROTOCOL%" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% "%REQ(X-FORWARDED-FOR)%" "%REQ(USER-AGENT)%" "%REQ(X-REQUEST-ID)%" "%REQ(:AUTHORITY)%" "%UPSTREAM_HOST%"\n
path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml
index 1b31bae27e7..0e4a18b66dc 100644
--- a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing-for-gateway.out.yaml
@@ -112,7 +112,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml
index 9f058d69051..537a739770c 100644
--- a/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-endpoint-routing.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml
index 0368e1a1a22..dcfabe29f4c 100644
--- a/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend-invalid.out.yaml
@@ -135,7 +135,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml
index 4bff8f998d5..91706f9afd4 100644
--- a/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-metric-backend.out.yaml
@@ -128,7 +128,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml
index 7605114bf22..293488ec064 100644
--- a/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-metric-enabled-backend.out.yaml
@@ -131,7 +131,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml
index fda9d4ccca9..f5c685bab24 100644
--- a/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-priority-backend.out.yaml
@@ -283,7 +283,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -311,7 +311,7 @@ xdsIR:
extProcs:
- authority: grpc-backend.envoy-gateway:8000
destination:
- name: envoyextensionpolicy/default/policy-for-http-route/0
+ name: envoyextensionpolicy/default/policy-for-http-route/extproc/0
settings:
- addressType: IP
protocol: GRPC
diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml
index 76859d37624..88618649c7e 100644
--- a/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-service-routing-for-gateway.out.yaml
@@ -112,7 +112,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml b/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml
index a679b4aef60..1602dc38c8b 100644
--- a/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-service-routing.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml
index b70ae56fce4..578ad17e948 100644
--- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid-ns.out.yaml
@@ -228,7 +228,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -279,10 +279,10 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-tls/
port: 10445
routes:
@@ -318,11 +318,11 @@ xdsIR:
alpnProtocols: []
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls:
alpnProtocols: []
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml
index 80c15494330..fc0b655ad12 100644
--- a/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings-invalid.out.yaml
@@ -227,7 +227,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -278,10 +278,10 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-tls/
port: 10445
routes:
@@ -317,11 +317,11 @@ xdsIR:
alpnProtocols: []
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls:
alpnProtocols: []
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml
index 137941240af..1157e1f7c7e 100644
--- a/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-tls-settings.out.yaml
@@ -226,7 +226,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -257,7 +257,7 @@ xdsIR:
- ECDHE-ECDSA-AES256-GCM-SHA384
clientCertificates:
- name: envoy-gateway-system/client-auth
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
ecdhCurves:
- ECDHE-RSA-AES128-GCM-SHA256
@@ -281,10 +281,10 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-tls/
port: 10445
routes:
@@ -305,7 +305,7 @@ xdsIR:
- ECDHE-ECDSA-AES256-GCM-SHA384
clientCertificates:
- name: envoy-gateway-system/client-auth
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
ecdhCurves:
- ECDHE-RSA-AES128-GCM-SHA256
@@ -324,11 +324,11 @@ xdsIR:
alpnProtocols: []
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
tls:
alpnProtocols: []
certificates:
- name: envoy-gateway/default-cert
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV1Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktRd2dnU2dBZ0VBQW9JQkFRQ1pTT21NUlBXWkFqN08KcVFrTVc2d3Bub3NmVCtRMzhmVWJ1U3crRXlablZ1eUNuYlVGZjhIeTVyYkx1K2dmbWszUW8xbnRBVTMzamprUQpXMGQzRHdCdWhKVUM0bkpVRks3cDk2dm9MQ2FTdmlPM0NQbytjUENPdkZ4K1ZrTzYxVkxXOEI2YW04UG5GWndhCmlGRGk0aUdyWXlIK3lsK2RUTmJoZlhIeEJ4T0E1M0IrcTI2K2ZmMFJXUWJKSWNiT1RzOENTSDZJWk1yeGNIcmsKOE1TdjFhWXlQdXpuT1BBQVFsNlRUdlEvNmhJZnF6bXJvd0RIRjRCMENFNUFvb2xFM0ZLT2kwaC9ieTJUN1dxbgo4NkdhdXA0VEtxVnV1Uk5hUU1CZDQ4azA4V3VTUENYSDBoWTVJbm1kdEMxRURKK3pQRk9NUjQycVA0THg5QWdICjNRZTBTMU5yQWdNQkFBRUNnZjk2Zy9QWXh2YVp5NEJuMU5ySkJkOExaT2djYlpjMmdueDZJa3YvVVhaME5obHgKRVlpS2plRmpWNkhXNW9FWHJaKy9tUGY0ZHVzVmFMNzRVOVZvanVQSmNlQWVScmpMM2VPaGJIdGN4KzBnY0dMZwpYeEY5VFJhcDY1VHVVZDFhaTA0aEd3WWY3NXNiUDdSS2JQaXZ3WmdVQWUwQ3BWdWZjaG5YcXJzWXI4cEpZNTFPCldWa1NxejRSWTlXbTBrNUcxSkZ5SXlFQzl1bURsdWpjSE50UlZtYWZrTmZBdENsaVByRktjL245bkpmTzZSRlAKN2c3Vi9JdnFudUlyN1BFM0duNlBhVCtCZ2c0NDh0ZDVKelBwVEE1WkJjQm8yb3J6L2t4WVBGcHIvZ1BVQnFRZApvNm5XcXc3Nlp4d1BsZHdMaEorWFlOWDdvdWN0VVNDTDl1NzdmeUVDZ1lFQXl2N0RseGYrS1FsZkR3bW8vcjFUCjBMMVpuSDQ3MmhpSWVkU2hleVZCSGJFVlRTbXI0MkJSbGpXNERiUmNRTTRWY3h4RGtHclI3NlJHZTlvZzZtemMKUnY4K1ZsQ1gyK3F5OXA1bTZaWHJiQXczMHpDLzVtUGtSV3ViaFVoaSs5ZUNNWmEvaEFJL1JGdjI2OURyQkQyLwo2a2cwRjhYME8vNndJK1dwYXRLM1cwY0NnWUVBd1U5QTZiSnBmYVhLS1hQR21PRy9uVXhUeXp5cVlqS05aSmQvCjlHaEVudUdqSzVDQUVWUEphOGtadmZRemxXbXdaYWZxMERocUk4dkxhRkNEZjhZOEU5OU1hbjNHV2hVYjNWL0oKcU5RUVMzNTZOQ2ZadzdseG9LS0JJdlQ2Y3dpaFRuc0UvUjRIQ3NhbDJ3d040Wmw5SFdOQmdhbVM3VExrejFMaApmd1JEa0wwQ2dZQlo0OWorNW53QTlncG5JVkw1Z3lORGN5WGtlNjNMVlVQU0YwdHV1YitOQTJhNFpiU2RHb0RtCmNHRlJpRVcxMk14OHpjNUpmRlA4dDVVU3NUUVVPeUtNT2VrRDFlcDVVd1B1MjVRYzZldDNUQzNJVW5VWDg3SVkKMzU3ZHRZRkhubFlqMldwemJYOVFxUnk5cmlUMEd0Z0tTZkR2ZWhRK0lQa2szRVZhYlhjT2J3S0JnR0d4QzcwTwp6UUVTcC9nSzZuS1lvNTE2MVY0QWFwcjFzVDhFMFVWUzdGcmU3UGMzTDRHU05saWlhTC8yaVpzWXJteXhUNW1xCjZQanVKUDJ5c3NJQURKeCtYTC8wa0NrMlFiNitpY3NvWUpQR2R6dWthQWpoenVxL05VUFZTanlZUCt6SmZ0dnMKTU9MaFFUQlNCekhidjc3NlNrQ2MwZ1BObEpTeDdnT2l4QUtCQW9HQUpCR1VuM2U1QWZDb21BMUUxRHhSeUxaagpUMFBrQUNlUGpEK3hrRkpod0RoQ2dzd2htNFVKZzFmQW8xaEJRUkZ0dHBWQy91QkxjazE4TUVBSTF2ZGZTeVB2CmtTZzVrVnFQanUzc2czOVRNZ09WZXdqUDNFM0FNUUd1ZzFQNzFZazJ6WUpQbGg5NWRMVTVISlZubzZvdkIrUG0KTHF5K016eDN3a0YwZDhlUFhRND0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKRENDQWd5Z0F3SUJBZ0lVU3JTYktMZjBiTEVHb2dXeC9nQ3cyR0N0dnhFd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0V6RVJNQThHQTFVRUF3d0lWR1Z6ZENCSmJtTXdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVRNUkV3RHdZRFZRUUREQWhVWlhOMElFbHVZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBSzFKempQSWlXZzNxb0hTckFkZGtlSmphTVA5aXlNVGkvQlBvOWNKUG9SRThaaTcKV2FwVXJYTC85QTlyK2pITXlHSVpOWk5kY1o1Y1kyWHYwTFA4WnhWeTJsazArM3d0WXpIbnBHWUdWdHlxMnRldApEaEZzaVBsODJZUmpDMG16V2E0UU16NFNYekZITmdJRHBSZGhmcm92bXNldVdHUUU4cFY0VWQ5VUsvU0tpbE1PCnF0QjVKaXJMUDJWczVUMW9XaWNXTFF2ZmJHd3Y3c0ZEZHI5YkcwWHRTUXAxN0hTZ281MFNERTUrQmpTbXB0RncKMVZjS0xscWFoTVhCRERpb3Jnd2hJaEdHS3BFU2VNMFA3YkZoVm1rTTNhc2gyeFNUQnVGVUJEbEU0Sk9haHp3cwpEWHJ1cFVoRGRTMWhkYzJmUHJqaEZBbEpmV0VZWjZCbFpqeXNpVlVDQXdFQUFhTndNRzR3SFFZRFZSME9CQllFCkZCUXVmSzFMaWJ1Vm05VHMvVmpCeDhMM3VpTmVNQjhHQTFVZEl3UVlNQmFBRkJRdWZLMUxpYnVWbTlUcy9WakIKeDhMM3VpTmVNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdHd1lEVlIwUkJCUXdFb0lCS29JTktpNWxlR0Z0Y0d4bApMbU52YlRBTkJna3Foa2lHOXcwQkFRc0ZBQU9DQVFFQWZQUzQxYWdldldNVjNaWHQwQ09GRzN1WWZQRlhuVnc2ClA0MXA5TzZHa2RZc3VxRnZQZVR5eUgyL2RBSUtLd1N6TS9wdGhnOEtuOExabG1KeUZObkExc3RKeG41WGRiVjEKcFBxajhVdllDQnp5ak1JcW1SeW9peUxpUWxib2hNYTBVZEVCS2NIL1BkTEU5SzhUR0pyWmdvR1hxcTFXbWl0RAozdmNQalNlUEtFaVVKVlM5bENoeVNzMEtZNUIraFVRRDBKajZucEZENFprMHhxZHhoMHJXdWVDcXE3dmpxRVl6CnBqNFB3cnVmbjFQQlRtZnhNdVYvVUpWNWViaWtldVpQMzVrV3pMUjdaV0FMN3d1RGRXcC82bzR5azNRTGFuRFEKQ3dnQ0ZjWCtzcyswVnl1TTNZZXJUT1VVOFFWSkp4NFVaQU5aeDYrNDNwZEpaT2NudFBaNENBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml
index 3506b9a0aba..1a43989014b 100644
--- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend-invalid.out.yaml
@@ -135,7 +135,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml
index b3a44d78fdc..cb5292b6d20 100644
--- a/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-tracing-backend.out.yaml
@@ -155,7 +155,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml
index 5bd374167ee..6df12542bcc 100644
--- a/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml
+++ b/internal/gatewayapi/testdata/envoyproxy-valid.out.yaml
@@ -119,7 +119,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml
index 0095b815fd7..731eebc1c72 100644
--- a/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-tcp-listener.out.yaml
@@ -146,7 +146,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
@@ -204,7 +204,7 @@ xdsIR:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
name: envoy-gateway/gateway-1/tcp1
port: 10080
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml
index 1ff835552d9..71e6d1cdfe6 100644
--- a/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-udp-listener.out.yaml
@@ -146,7 +146,7 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
@@ -204,7 +204,7 @@ xdsIR:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
name: envoy-gateway/gateway-1/udp1
port: 10162
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml
index 8140d239ab5..066cd664242 100644
--- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-invalid-target.out.yaml
@@ -97,7 +97,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -111,7 +111,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10081
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml
index 5a0b8ef2f97..0ba6cb4868c 100644
--- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target-array.out.yaml
@@ -157,7 +157,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
@@ -218,7 +218,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
diff --git a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml
index 29b482ae554..daa4b7e0095 100644
--- a/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/extensionpolicy-with-valid-target.out.yaml
@@ -150,7 +150,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
@@ -191,7 +191,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10081
- - address: 0.0.0.0
+ - address: '::'
extensionRefs:
- object:
apiVersion: foo.example.io/v1alpha1
diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml
index 79aeb1f3eeb..069d311948f 100644
--- a/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/httproute-with-extension-filter-invalid-group.out.yaml
@@ -109,7 +109,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml
index d70cea292b5..f2fcc7a5859 100644
--- a/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/httproute-with-non-matching-extension-filter.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml
index 1af974c72bb..13e693b41de 100644
--- a/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/httproute-with-unsupported-extension-filter.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml
index 1cb405e4dd8..73664fdf291 100644
--- a/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml
+++ b/internal/gatewayapi/testdata/extensions/httproute-with-valid-extension-filter.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml
index 2dd68040951..56b396fa4b6 100644
--- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-allowed-httproute.out.yaml
@@ -96,7 +96,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml
index 35383fcb502..6dda7c9d89c 100644
--- a/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-allows-same-namespace-with-disallowed-httproute.out.yaml
@@ -96,7 +96,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml
index cb47542a1c7..e384db96691 100644
--- a/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-http-listener-with-hostname-intersection.out.yaml
@@ -172,7 +172,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -204,7 +204,7 @@ xdsIR:
distinct: false
name: ""
prefix: /empty-hostname
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.example.com'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml
index 7616aff3b9e..fc416f75db4 100644
--- a/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-infrastructure.out.yaml
@@ -114,7 +114,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -153,5 +153,5 @@ xdsIR:
alpnProtocols: null
certificates:
- name: default/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
diff --git a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml
index 798641857cd..2eb3f6ba8ea 100644
--- a/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-addresses-with-ipaddress.out.yaml
@@ -66,6 +66,6 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10080
diff --git a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml
index 8794f263e57..a4c79fa1d29 100644
--- a/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-infrastructure-parametersref.out.yaml
@@ -123,7 +123,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml
index deed8d261b5..c458d7e982f 100644
--- a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-does-not-exist.out.yaml
@@ -106,7 +106,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml
index 0ec88f622c9..e9402d144eb 100644
--- a/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-invalid-infrastructure-parametersref-fallback.out.yaml
@@ -123,7 +123,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml
index 866ca1e861a..d6fcc45aa78 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-mismatch-port-protocol.out.yaml
@@ -91,7 +91,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10162
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml
index cbc01a3d11d..042f236965e 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-backends.out.yaml
@@ -95,7 +95,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10080
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml
index 7e583a73bda..15fcf27bc68 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tcproute-with-multiple-rules.out.yaml
@@ -96,6 +96,6 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10080
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml
index 649a4555722..cfbff1ff11a 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-secret-in-other-namespace-allowed-by-refgrant.out.yaml
@@ -103,7 +103,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -142,5 +142,5 @@ xdsIR:
alpnProtocols: null
certificates:
- name: default/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml
index 9d4d0a7528e..3f680237131 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-tls-terminate-and-passthrough.out.yaml
@@ -172,7 +172,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.bar.com
isHTTP2: false
@@ -211,10 +211,10 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls-passthrough
port: 10090
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml
index 03cf19502d7..88a7435683f 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-mismatch-port-protocol.out.yaml
@@ -91,7 +91,7 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp
port: 10162
route:
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml
index 70a5a2a8599..bf252dfb7e0 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-backends.out.yaml
@@ -95,7 +95,7 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp
port: 10080
route:
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml
index 850f9e64cba..c87bc540bd1 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-udproute-with-multiple-rules.out.yaml
@@ -96,6 +96,6 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp
port: 10080
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml
index 79295aded7b..a44c4ff584c 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-tcproute.out.yaml
@@ -59,6 +59,6 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10080
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml
index a30d7cf5a5b..00233142fc1 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-unmatched-udproute.out.yaml
@@ -59,6 +59,6 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp
port: 10080
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml
index cb443c09c8b..4198cb7db1d 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration-with-same-algorithm-different-fqdn.out.yaml
@@ -105,7 +105,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -144,8 +144,8 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/tls-secret-ecdsa-1
- privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUxEbnZNM1RKM3NHYm9EeTF4T3dqSVppVFNWeWZXVWF5YVExcWdrdUdacEtvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSDVWdHJjenJQS091alV5RTMyaDU2UnVrdHUzSVhTVnJJMkNibXh5UUpqcEY3di9rNVNqTQpSVXZjUnBCdmpnQWROaGhUNGNUMXV4YW1TMFlmQ2JXMVhRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnVENDQVNlZ0F3SUJBZ0lVRm1sOExCRzBvL1FLNFErWjdrODI0c0MyaUZ3d0NnWUlLb1pJemowRUF3SXcKRmpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVdNUlF3RWdZRFZRUUREQXRtYjI4dVltRnlMbU52YlRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJMYVl2cUt1VlZveERvNTJlV3p2WUI1anc3RU1GODZybXlvaTVadWF5emRNdnBnNHpCcjgKUktCak5zK1QxakI4T0t1Y1MvN1JVRHgwcHorOTc2ek0zaU9qVXpCUk1CMEdBMVVkRGdRV0JCVE82K2NnMFIwZAp3dHJ6SlFQRzZnNzZoQkJVelRBZkJnTlZIU01FR0RBV2dCVE82K2NnMFIwZHd0cnpKUVBHNmc3NmhCQlV6VEFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSVFDMlhwUFFnUXpXYWUzYjVwWnQKR2N1TWZESjBjME9QS2NuZWdrWFoyQzRCM2dJZ1Uvc1Jrd0lwTFFOUlYrRWFZdzRQNVQ1Z1BFNlkrVnBtQzk4aApvVmpaL3pRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
- name: envoy-gateway/tls-secret-ecdsa-2
- privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1JR2tBZ0VCQkRDUUE5VWo0SkR5c0Q0MlJIMGI2cjU5NTlXTmlXU2ZKZlMxK2RvTjk0TzZCUGdaQUJiUTI4eTIKUTZsM3pZdklLeFNnQndZRks0RUVBQ0toWkFOaUFBUjR5MGNMZUVoNnJaQ3gyUzFLTDlrMUg4d28xcTlLYmNjMgpmdTBhaUIrcHFxZndCS0FjaHJ2SlJUNzQreWdNUHFSLzc0Sjd1NngzU1pBN1ZLZDFnaGFQWkF1SWpQUTFrZndICjlDdmlMc25RZ3JDeENWU2U2ZG1xL2twajFNdEJyU2M9Ci0tLS0tRU5EIEVDIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJ5RENDQVU2Z0F3SUJBZ0lVUWltVUFlSExNdHo0dEdSdG5oNG9qWHRhVXpzd0NnWUlLb1pJemowRUF3SXcKR3pFWk1CY0dBMVVFQXd3UWRHVnpkQzVsZUdGdGNHeGxMbU52YlRBZUZ3MHlOREExTWpVd09URXhNemRhRncwegpOREExTWpNd09URXhNemRhTUJzeEdUQVhCZ05WQkFNTUVIUmxjM1F1WlhoaGJYQnNaUzVqYjIwd2RqQVFCZ2NxCmhrak9QUUlCQmdVcmdRUUFJZ05pQUFSNHkwY0xlRWg2clpDeDJTMUtMOWsxSDh3bzFxOUtiY2MyZnUwYWlCK3AKcXFmd0JLQWNocnZKUlQ3NCt5Z01QcVIvNzRKN3U2eDNTWkE3VktkMWdoYVBaQXVJalBRMWtmd0g5Q3ZpTHNuUQpnckN4Q1ZTZTZkbXEva3BqMU10QnJTZWpVekJSTUIwR0ExVWREZ1FXQkJUYVNlb1RtY3JlRU5Kd0t5ZmlZS3JnCjlIdnFVREFmQmdOVkhTTUVHREFXZ0JUYVNlb1RtY3JlRU5Kd0t5ZmlZS3JnOUh2cVVEQVBCZ05WSFJNQkFmOEUKQlRBREFRSC9NQW9HQ0NxR1NNNDlCQU1DQTJnQU1HVUNNRzFPSlUrRTlEaCt4TjdJMFZVTXIwdmt3S0h6V2Q3NwpTQXFXQjJVcG4vNThQTzd3eWNvWHZNMjlwREU0SkUvRzVRSXhBT2FhemxKZ1M3Z081eU50aW1tZ0llWFJ1K2pwCkNXb3kxb3hZU2ZSMmh1YkJ1Q1RUUkFqNkhPODBjTUVrZHFrMWp3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml
index 754923d89fe..da63240840e 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-multiple-tls-configuration.out.yaml
@@ -105,7 +105,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -144,8 +144,8 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
- name: envoy-gateway/tls-secret-ecdsa-1
- privateKey: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUxEbnZNM1RKM3NHYm9EeTF4T3dqSVppVFNWeWZXVWF5YVExcWdrdUdacEtvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFSDVWdHJjenJQS091alV5RTMyaDU2UnVrdHUzSVhTVnJJMkNibXh5UUpqcEY3di9rNVNqTQpSVXZjUnBCdmpnQWROaGhUNGNUMXV4YW1TMFlmQ2JXMVhRPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJnVENDQVNlZ0F3SUJBZ0lVRm1sOExCRzBvL1FLNFErWjdrODI0c0MyaUZ3d0NnWUlLb1pJemowRUF3SXcKRmpFVU1CSUdBMVVFQXd3TFptOXZMbUpoY2k1amIyMHdIaGNOTWpRd01qSTVNRGt6TURFd1doY05NelF3TWpJMgpNRGt6TURFd1dqQVdNUlF3RWdZRFZRUUREQXRtYjI4dVltRnlMbU52YlRCWk1CTUdCeXFHU000OUFnRUdDQ3FHClNNNDlBd0VIQTBJQUJMYVl2cUt1VlZveERvNTJlV3p2WUI1anc3RU1GODZybXlvaTVadWF5emRNdnBnNHpCcjgKUktCak5zK1QxakI4T0t1Y1MvN1JVRHgwcHorOTc2ek0zaU9qVXpCUk1CMEdBMVVkRGdRV0JCVE82K2NnMFIwZAp3dHJ6SlFQRzZnNzZoQkJVelRBZkJnTlZIU01FR0RBV2dCVE82K2NnMFIwZHd0cnpKUVBHNmc3NmhCQlV6VEFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSVFDMlhwUFFnUXpXYWUzYjVwWnQKR2N1TWZESjBjME9QS2NuZWdrWFoyQzRCM2dJZ1Uvc1Jrd0lwTFFOUlYrRWFZdzRQNVQ1Z1BFNlkrVnBtQzk4aApvVmpaL3pRPQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0t
diff --git a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml
index 5b692e70ab2..a984dbc8a91 100644
--- a/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-listener-with-valid-tls-configuration.out.yaml
@@ -102,7 +102,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -141,5 +141,5 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
diff --git a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml
index 6598bfde8d4..2575bc79de1 100644
--- a/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-preexisting-status-condition.out.yaml
@@ -96,7 +96,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml
index f7fd4e2752c..7513e60bfb8 100644
--- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-tcproutes.out.yaml
@@ -122,7 +122,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10162
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml
index 4f4555a87e8..c94a3f623a4 100644
--- a/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-single-listener-with-multiple-udproutes.out.yaml
@@ -122,7 +122,7 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp
port: 10162
route:
diff --git a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml
index 10f483e7293..30f33008266 100644
--- a/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-stale-status-condition.out.yaml
@@ -102,7 +102,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -141,5 +141,5 @@ xdsIR:
alpnProtocols: null
certificates:
- name: default/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml
index e3bc11e2cc5..3bec02c1f8f 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-tcp-or-tls-port.out.yaml
@@ -115,7 +115,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp1
port: 10162
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml
index 5f904c3de3e..0a76a7d86a6 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-on-same-udp-port.out.yaml
@@ -118,7 +118,7 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp1
port: 10162
route:
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml
index d6b31a59f6a..248169c209b 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-multiple-httproutes.out.yaml
@@ -168,7 +168,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.com
isHTTP2: false
@@ -223,7 +223,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml
index 67867078333..0238ba3007e 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-tcp-protocol.out.yaml
@@ -163,7 +163,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -199,7 +199,7 @@ xdsIR:
name: ""
prefix: /
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10080
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml
index b7bdac0b389..6d8bd1f0905 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-same-port-http-udp-protocol.out.yaml
@@ -163,7 +163,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -199,7 +199,7 @@ xdsIR:
name: ""
prefix: /
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp
port: 10080
route:
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml
index d2d74cd296e..07e3e01a70c 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-with-sectionname.out.yaml
@@ -160,7 +160,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp1
port: 10162
routes:
@@ -174,7 +174,7 @@ xdsIR:
protocol: TCP
weight: 1
name: tcproute/default/tcproute-1
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp2
port: 10163
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml
index 20519f07857..b5a71ddbe5e 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-tcproutes-without-sectionname.out.yaml
@@ -156,7 +156,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp1
port: 10161
routes:
@@ -170,7 +170,7 @@ xdsIR:
protocol: TCP
weight: 1
name: tcproute/default/tcproute-1
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp2
port: 10162
routes:
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml
index 00a61415035..deac14645ab 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-with-sectionname.out.yaml
@@ -160,7 +160,7 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp1
port: 10162
route:
@@ -174,7 +174,7 @@ xdsIR:
protocol: UDP
weight: 1
name: udproute/default/udproute-1
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp2
port: 10163
route:
diff --git a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml
index f6cb6959c4b..96ca8ca522c 100644
--- a/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml
+++ b/internal/gatewayapi/testdata/gateway-with-two-listeners-with-udproutes-without-sectionname.out.yaml
@@ -156,7 +156,7 @@ xdsIR:
text:
- path: /dev/stdout
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp1
port: 10161
route:
@@ -170,7 +170,7 @@ xdsIR:
protocol: UDP
weight: 1
name: udproute/default/udproute-1
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/udp2
port: 10162
route:
diff --git a/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml b/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml
index a02496321ec..d4fec0ea572 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-backend.in.yaml
@@ -36,6 +36,7 @@ grpcRoutes:
- group: gateway.envoyproxy.io
kind: Backend
name: backend-ip
+ name: grpcrule-1
backends:
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
diff --git a/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml
index ba9f13c3136..5b9fe7b3a5f 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-backend.out.yaml
@@ -82,6 +82,7 @@ grpcRoutes:
- method:
service: com.[A-Z]+
type: RegularExpression
+ name: grpcrule-1
status:
parents:
- conditions:
@@ -123,7 +124,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -150,6 +151,7 @@ xdsIR:
kind: GRPCRoute
name: grpcroute-1
namespace: default
+ sectionName: grpcrule-1
name: grpcroute/default/grpcroute-1/rule/0/match/1/*
pathMatch:
distinct: false
@@ -167,6 +169,7 @@ xdsIR:
kind: GRPCRoute
name: grpcroute-1
namespace: default
+ sectionName: grpcrule-1
name: grpcroute/default/grpcroute-1/rule/0/match/0/*
pathMatch:
distinct: false
diff --git a/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml
index 2f633cb8a20..8c2660b6324 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-empty-backends.out.yaml
@@ -96,7 +96,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml
index bc7697e2f18..a41913ed8fb 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-header-match.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml
index 765481a5838..fafd1fdbf56 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-method-and-service-match.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml
index 38b49dda801..a30cb02b50e 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-method-match.out.yaml
@@ -102,7 +102,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml
index 110d404c44f..43ada6439a9 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-request-header-modifier.out.yaml
@@ -106,7 +106,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml
index b8855487138..639603a07e6 100644
--- a/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml
+++ b/internal/gatewayapi/testdata/grpcroute-with-service-match.out.yaml
@@ -102,7 +102,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
diff --git a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml
index bda6f990dda..22a6796814c 100644
--- a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout-error.out.yaml
@@ -134,7 +134,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml
index 04843eba9aa..004456773c4 100644
--- a/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-and-backendtrafficpolicy-with-timeout.out.yaml
@@ -254,7 +254,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -297,7 +297,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml
index e532697a7b4..cad7873ad13 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-different-listeners.out.yaml
@@ -356,7 +356,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.com
isHTTP2: false
@@ -391,7 +391,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar.com
isHTTP2: false
@@ -426,7 +426,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo1.com
isHTTP2: false
@@ -461,7 +461,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar1.com
isHTTP2: false
@@ -496,7 +496,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo2.com
isHTTP2: false
@@ -531,7 +531,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar2.com
isHTTP2: false
@@ -566,7 +566,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo3.com
isHTTP2: false
@@ -601,7 +601,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar3.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml
index 5bc5e17485a..ff94451e5bc 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-more-listeners.out.yaml
@@ -307,7 +307,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.com
isHTTP2: false
@@ -342,7 +342,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar.com
isHTTP2: false
@@ -377,7 +377,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo1.com
isHTTP2: false
@@ -412,7 +412,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar1.com
isHTTP2: false
@@ -447,7 +447,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo2.com
isHTTP2: false
@@ -482,7 +482,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar2.com
isHTTP2: false
@@ -517,7 +517,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo3.com
isHTTP2: false
@@ -552,7 +552,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar3.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml
index bec756628f7..647d620d729 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners-with-different-ports.out.yaml
@@ -138,7 +138,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -173,7 +173,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -212,5 +212,5 @@ xdsIR:
alpnProtocols: null
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml
index 4d3310f2614..07bb66f43b7 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway-with-two-listeners.out.yaml
@@ -127,7 +127,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.com
isHTTP2: false
@@ -162,7 +162,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml
index 817bc24013a..ee8dccb4256 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-gateway.out.yaml
@@ -96,7 +96,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml
index 4abbc554d9d..5ce4b0143c2 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-matching-port.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml
index 5b4bf8d4bb9..8897f06d841 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-on-gateway-with-two-listeners.out.yaml
@@ -129,7 +129,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.com
isHTTP2: false
@@ -143,7 +143,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml
index 484fe119154..f4a6b3f6334 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-and-core-backendrefs.out.yaml
@@ -202,7 +202,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml
index 80b6f6627b2..f5bf64e50d7 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref-mixed-address-type.out.yaml
@@ -259,7 +259,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml
index cdbbe788086..f4b38eead2f 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-backend-backendref.out.yaml
@@ -342,7 +342,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml
index 3b5ddfa6298..e758629820c 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-diff-address-type.out.yaml
@@ -281,7 +281,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml
index 5a413ae4630..8f302d19c11 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-backend-backendrefs-same-address-type.out.yaml
@@ -290,7 +290,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml
index 7b2b55fe1c0..a673d3342dd 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-diff-address-type.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml
index 5667491636e..8c02b288f1d 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-multiple-serviceimport-backendrefs-same-address-type.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml
index e29f978c85e..73f0582b114 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-fqdn-address-type.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml
index 38c70c4a8d2..6de22de9901 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref-mixed-address-type.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml
index 144ccbd3c57..7efbce03645 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener-with-serviceimport-backendref.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml
index 3bdc7cc4697..865bc78af93 100644
--- a/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-attaching-to-listener.out.yaml
@@ -98,7 +98,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml
index c49d551e867..99d9d4f7725 100644
--- a/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-backend-request-timeout.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml
index 9cd60408345..3138c613b78 100644
--- a/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-not-attaching-to-listener-non-matching-port.out.yaml
@@ -99,7 +99,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml
index dc1c9cb950d..242028fb5bc 100644
--- a/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-request-timeout.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml
index c7fd7b9e40e..ddc5eec76b5 100644
--- a/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-rule-with-empty-backends-and-no-filters.out.yaml
@@ -93,7 +93,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml
index 11634b9f050..dbd5d70f62f 100644
--- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-no-weights.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml
index e9a785e0d1b..2f4fc1349a0 100644
--- a/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-rule-with-multiple-backends-and-weights.out.yaml
@@ -106,7 +106,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml
index 4c5fcd5e8e2..5e89675b3e5 100644
--- a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-app-protocols.out.yaml
@@ -175,7 +175,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml
index d56407b0dd9..3e9f0b780d4 100644
--- a/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-rule-with-non-service-backends-and-weights.out.yaml
@@ -173,7 +173,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml
index 122d09efdeb..3828541e423 100644
--- a/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-backendref-add-multiple-filters.out.yaml
@@ -121,7 +121,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml
index d708b748380..290787479f9 100644
--- a/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml
@@ -98,7 +98,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml
index 9b175f032c4..58c0c38d89d 100644
--- a/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-backendref-serviceimport-in-other-namespace-allowed-by-refgrant.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml b/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml
index 29b6b051366..8be2bc8a4e6 100644
--- a/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-direct-response.out.yaml
@@ -153,7 +153,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml
index 6853b8172b3..6b21dddcd4e 100644
--- a/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-empty-matches.out.yaml
@@ -95,7 +95,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml
index 605aa384f3e..3ab8edd3fb0 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-add-multiple-filters.out.yaml
@@ -116,7 +116,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml
index f122fc17d5b..0f06a777a42 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-adds.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml
index e3ea3d5158b..92a45ab8ea5 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-remove-multiple-filters.out.yaml
@@ -112,7 +112,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml
index 23567e22077..5b8b7e76f2f 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-duplicate-removes.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml
index 67c14e133a7..af3f6e189d5 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-header-values.out.yaml
@@ -110,7 +110,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml
index 7549c52cbb1..f49fa9e41e9 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-empty-headers.out.yaml
@@ -112,7 +112,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml
index 5405ad66246..2b0623b7710 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-invalid-headers.out.yaml
@@ -113,7 +113,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml
index a8986f5d429..faaa608b996 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-headers.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml
index 36f621f095c..9a73541ccec 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-no-valid-headers.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml
index b111af6e08b..f345d70ae45 100644
--- a/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-header-filter-remove.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml
index 2ca033356bb..6c390846d3a 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-bad-port.out.yaml
@@ -97,7 +97,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml
index e7c2869de1c..26bffbc4231 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-group.out.yaml
@@ -101,7 +101,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml
index a1c5683d27a..818ac56cde8 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-invalid-kind.out.yaml
@@ -99,7 +99,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml
index ed62f94f257..fb9ee9fbe2d 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-port.out.yaml
@@ -97,7 +97,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml
index 794a5d87c3a..b26a993bf21 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.import.out.yaml
@@ -99,7 +99,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml
index 18019d56e70..f0af70dfcd6 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-no-service.out.yaml
@@ -97,7 +97,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml
index f9ee3bb21fa..10fbc26ad4f 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backend-ref-unsupported-filter.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml
index 3500d3be9cc..e52f15b3ac1 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-backendref-in-other-namespace.out.yaml
@@ -98,7 +98,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml b/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml
index 05617ca8192..07e602727f7 100644
--- a/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-invalid-regex.out.yaml
@@ -148,7 +148,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -167,7 +167,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml b/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml
index 24f9fa568ad..c215c01004c 100644
--- a/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-metadata.in.yaml
@@ -31,4 +31,13 @@ httpRoutes:
- backendRefs:
- name: service-1
port: 8080
-
+ name: rule-1
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ matches:
+ - headers:
+ - type: Exact
+ name: foo
+ value: bar
+ name: rule-2
diff --git a/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml b/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml
index 8d86bec237a..fedcd5f5181 100644
--- a/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-metadata.out.yaml
@@ -58,6 +58,16 @@ httpRoutes:
- backendRefs:
- name: service-1
port: 8080
+ name: rule-1
+ - backendRefs:
+ - name: service-1
+ port: 8080
+ matches:
+ - headers:
+ - name: foo
+ type: Exact
+ value: bar
+ name: rule-2
status:
parents:
- conditions:
@@ -98,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -113,6 +123,29 @@ xdsIR:
mergeSlashes: true
port: 10080
routes:
+ - destination:
+ name: httproute/default/httproute-1/rule/1
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ headerMatches:
+ - distinct: false
+ exact: bar
+ name: foo
+ hostname: '*'
+ isHTTP2: false
+ metadata:
+ annotations:
+ foo: bar
+ kind: HTTPRoute
+ name: httproute-1
+ namespace: default
+ sectionName: rule-2
+ name: httproute/default/httproute-1/rule/1/match/0/*
- destination:
name: httproute/default/httproute-1/rule/0
settings:
@@ -130,4 +163,5 @@ xdsIR:
kind: HTTPRoute
name: httproute-1
namespace: default
+ sectionName: rule-1
name: httproute/default/httproute-1/rule/0/match/-1/*
diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml
index 29d9dd320a5..7b213e66450 100644
--- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-duplicates.out.yaml
@@ -114,7 +114,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml
index c6e534c9c63..7251228643b 100644
--- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-multiple.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml
index 50105a1e054..ad035eb7c47 100644
--- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-no-port.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml
index c0c193e034a..44ab3461292 100644
--- a/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter-service-not-found.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml
index e9f94617b4e..e1f711349e6 100644
--- a/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-mirror-filter.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml b/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml
index c7801a560d0..d0f71d4d6a1 100644
--- a/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-multi-gateways-notmatch.out.yaml
@@ -116,7 +116,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -135,7 +135,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml b/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml
index f3c1a6b1ed4..84dae610113 100644
--- a/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-multi-gateways-with-same-name.out.yaml
@@ -149,7 +149,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -189,7 +189,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml
index ba2f58b8667..61b67c75d89 100644
--- a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-different-ns.out.yaml
@@ -178,7 +178,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.a.example.com'
isHTTP2: false
@@ -215,7 +215,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.b.example.com'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml
index 4e6bef64b9e..03f487b3aa4 100644
--- a/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-multiple-gateways-from-same-ns.out.yaml
@@ -176,7 +176,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.a.example.com'
isHTTP2: false
@@ -213,7 +213,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.b.example.com'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml
index 810a78ccb87..878e6bd1574 100644
--- a/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-non-matching-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml
index d40408b2b02..9cdddc09c08 100644
--- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-full-path-replace-https.out.yaml
@@ -106,7 +106,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml
index d7496698338..9d122032e5e 100644
--- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-hostname.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml
index 63b32e64bb8..06dc740e0f6 100644
--- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-filter-type.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml
index 43ca155587d..440d12ac4a3 100644
--- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-scheme.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml
index 588877b155e..104daac410d 100644
--- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-invalid-status.out.yaml
@@ -103,7 +103,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml
index 9676b5d7688..265050323ef 100644
--- a/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-redirect-filter-prefix-replace-with-port-http.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml
index 6dcb4b28779..636bcf1289e 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-adds.out.yaml
@@ -122,7 +122,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml
index 47d61c9fcfa..f89d8bdc91a 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-add-multiple-filters.out.yaml
@@ -116,7 +116,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml
index 1d2f4f7124c..5e03bbf8f52 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-adds.out.yaml
@@ -126,7 +126,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml
index b0dbd71c18d..a5915c1f9d1 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-remove-multiple-filters.out.yaml
@@ -112,7 +112,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml
index 893ce8cc969..7b6b7508258 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-duplicate-removes.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml
index 723cabbe6f7..0a032d52b85 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-header-values.out.yaml
@@ -110,7 +110,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml
index 6c8c063716d..17b26b97dc9 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-empty-headers.out.yaml
@@ -112,7 +112,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml
index f46e5ae3977..b3c0c252310 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-invalid-headers.out.yaml
@@ -113,7 +113,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml
index e8d2f720d19..f50cbfec103 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-headers.out.yaml
@@ -104,7 +104,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml
index cd89f06e995..6a8bec12323 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-no-valid-headers.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml
index e0f78c08c9d..aff1b276aa8 100644
--- a/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-response-header-filter-remove.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml
index a73f169aad1..0e7d3803555 100644
--- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-exact-path-match.out.yaml
@@ -97,7 +97,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml
index d4bf9af1612..c1005576fe9 100644
--- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-http-method-match.out.yaml
@@ -95,7 +95,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml
index 48706fbfb0c..ab30a3cb5db 100644
--- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-multiple-rules.out.yaml
@@ -123,7 +123,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml
index 0be3cbea1d2..75b4de50088 100644
--- a/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-single-rule-with-path-prefix-and-exact-header-matches.out.yaml
@@ -101,7 +101,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml
index ff9f5d272a8..97753e5fcee 100644
--- a/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-some-invalid-backend-refs-no-service.out.yaml
@@ -101,7 +101,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml
index 34ec33802bf..291ce9105ae 100644
--- a/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-specific-hostname-attaching-to-gateway-with-wildcard-hostname.out.yaml
@@ -99,7 +99,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml
index 2213aa315cb..4e4afb6be35 100644
--- a/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-two-specific-hostnames-attaching-to-gateway-with-wildcard-hostname.out.yaml
@@ -100,7 +100,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml
index 3d8c69a6178..5b9bb7fd74d 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-full-path-replace-http.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml
index 8e3079c9bbe..4aed1840d42 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname-prefix-replace.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml
index c0d8cce8b8a..7dc2cb30469 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-hostname.out.yaml
@@ -105,7 +105,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml
index 7cbff74f25b..0c8665dc24d 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-filter-type.out.yaml
@@ -105,7 +105,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml
index e1905ea7933..f30c9859523 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-hostname.out.yaml
@@ -111,7 +111,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml
index 3dcffc8edbb..46d54b18956 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-multiple-filters.out.yaml
@@ -113,7 +113,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml
index c51f0b56107..fcb1f1ea710 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path-type.out.yaml
@@ -109,7 +109,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml
index 25991b658fa..20023c84cf8 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-invalid-path.out.yaml
@@ -108,7 +108,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml
index 86b8fce36bd..9e55e63c72a 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-missing-path.out.yaml
@@ -106,7 +106,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml
index dd20383d2ea..d6c093778ea 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-prefix-replace-http.out.yaml
@@ -107,7 +107,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml
index c42f3934568..bb60b64605c 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-http.out.yaml
@@ -245,7 +245,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml
index 17ffc680f52..24f1e8043f8 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-filter-regex-match-replace-invalid.out.yaml
@@ -342,7 +342,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml
index ab24ec0e81d..93a4d218056 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter-invalid.out.yaml
@@ -348,7 +348,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml
index 916f7d0cefe..2979fabc641 100644
--- a/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-urlrewrite-hostname-filter.out.yaml
@@ -249,7 +249,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml
index 821a30d4cb3..636d864e709 100644
--- a/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/httproute-with-wildcard-hostname-attaching-to-gateway-with-unset-hostname.out.yaml
@@ -98,7 +98,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml
index a21561696f2..ec627ecda95 100644
--- a/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml
+++ b/internal/gatewayapi/testdata/httproutes-with-multiple-matches.out.yaml
@@ -283,7 +283,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml
index d8d24642dd3..33ab0632ce2 100644
--- a/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml
+++ b/internal/gatewayapi/testdata/merge-invalid-multiple-gateways.out.yaml
@@ -136,7 +136,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -151,6 +151,6 @@ xdsIR:
mergeSlashes: true
port: 10080
udp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-2/udp
port: 10080
diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml
index 0e015155214..27f75da25ec 100644
--- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml
+++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-listeners-same-ports.out.yaml
@@ -172,7 +172,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -186,7 +186,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- company.com
isHTTP2: false
@@ -200,7 +200,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8888
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -214,7 +214,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8888
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- example.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml
index 4c48dd68694..dba5580e6a7 100644
--- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml
+++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways-multiple-routes.out.yaml
@@ -223,7 +223,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
@@ -258,7 +258,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -272,7 +272,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8888
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- example.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml
index 7afe665224b..b5fb3b7915b 100644
--- a/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml
+++ b/internal/gatewayapi/testdata/merge-valid-multiple-gateways.out.yaml
@@ -145,7 +145,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -159,7 +159,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -173,7 +173,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8888
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- example.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml
index b0e8b627fe8..1c828fc13bf 100644
--- a/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml
+++ b/internal/gatewayapi/testdata/merge-with-isolated-policies-2.out.yaml
@@ -501,7 +501,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar.example.com
isHTTP2: false
@@ -560,7 +560,7 @@ xdsIR:
timeout:
http:
requestReceivedTimeout: 5s
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.example.com
isHTTP2: false
@@ -619,7 +619,7 @@ xdsIR:
timeout:
http:
requestReceivedTimeout: 5s
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- bar.example.com
isHTTP2: false
@@ -670,7 +670,7 @@ xdsIR:
- x-header-7
- x-header-8
maxAge: 33m20s
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- foo.example.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml b/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml
index 8e62bb597d5..92ca64456d4 100644
--- a/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml
+++ b/internal/gatewayapi/testdata/merge-with-isolated-policies.out.yaml
@@ -293,7 +293,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -349,7 +349,7 @@ xdsIR:
idleTime: 1200
interval: 60
probes: 3
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml
index 5ce63e62453..d1f9b18c250 100644
--- a/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-invalid-cross-ns-ref.out.yaml
@@ -90,7 +90,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml b/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml
index c6f72065531..7b56ed6a0f9 100644
--- a/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-override-replace.out.yaml
@@ -300,7 +300,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml
index 607330a824c..e4898317537 100644
--- a/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-status-conditions.out.yaml
@@ -406,7 +406,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -444,7 +444,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -478,6 +478,6 @@ xdsIR:
name: grpcroute/envoy-gateway/grpcroute-1/rule/0/match/0/*
security: {}
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-2/tcp
port: 10053
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml
index 82281af294a..01a3b8426dc 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-client-cidr.out.yaml
@@ -285,7 +285,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml
index ed422e70031..95885020f69 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-authoriztion-jwt-claim.out.yaml
@@ -154,7 +154,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml
index b690cb20370..3c0d7e09c02 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-basic-auth.out.yaml
@@ -212,7 +212,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -250,7 +250,7 @@ xdsIR:
security:
basicAuth:
name: securitypolicy/default/policy-for-http-route-1
- users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
+ users: '[redacted]'
- destination:
name: httproute/default/httproute-1/rule/1
settings:
@@ -274,7 +274,7 @@ xdsIR:
security:
basicAuth:
name: securitypolicy/default/policy-for-http-route-1
- users: dXNlcjE6e1NIQX10RVNzQm1FL3lOWTNsYjZhMEw2dlZRRVpOcXc9CnVzZXIyOntTSEF9RUo5TFBGRFhzTjl5blNtYnh2anA3NUJtbHg4PQo=
+ users: '[redacted]'
- destination:
name: httproute/default/httproute-2/rule/0
settings:
@@ -298,4 +298,4 @@ xdsIR:
security:
basicAuth:
name: securitypolicy/default/policy-for-gateway-1
- users: Zm9vOntTSEF9WXMyM0FnLzVJT1dxWkN3OVFHYVZEZEh3SDAwPQpmb28xOntTSEF9ZGpaMTFxSFkwS09pamV5bUs3YUt2WXV2aHZNPQo=
+ users: '[redacted]'
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml
index 789da05196b..2842832ec14 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-cors-targetrefs.out.yaml
@@ -339,7 +339,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -394,7 +394,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -431,7 +431,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml
index 3f58304e886..ad7f13fd7bb 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-cors.out.yaml
@@ -402,7 +402,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -460,7 +460,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -519,7 +519,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml
index 78529bf6d73..5d756b3b981 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.in.yaml
@@ -58,6 +58,44 @@ httpRoutes:
backendRefs:
- name: service-3
port: 8080
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-3
+ spec:
+ hostnames:
+ - www.baz.com
+ parentRefs:
+ - namespace: default
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: /baz
+ backendRefs:
+ - name: service-4
+ port: 8080
+ - apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ namespace: default
+ name: httproute-4
+ spec:
+ hostnames:
+ - www.qux.com
+ parentRefs:
+ - namespace: default
+ name: gateway-1
+ sectionName: http
+ rules:
+ - matches:
+ - path:
+ value: /qux
+ backendRefs:
+ - name: service-5
+ port: 8080
backends:
- apiVersion: gateway.envoyproxy.io/v1alpha1
kind: Backend
@@ -108,3 +146,40 @@ securityPolicies:
kind: Backend
group: gateway.envoyproxy.io
port: 3000
+ - apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: SecurityPolicy
+ metadata:
+ namespace: default
+ name: policy-for-http-route-3--grpc-backendref
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-3
+ extAuth:
+ failOpen: true
+ headersToExtAuth:
+ - header3
+ - header4
+ grpc:
+ backendRef:
+ name: service-2
+ kind: Service
+ port: 8080
+ - apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: SecurityPolicy
+ metadata:
+ namespace: default
+ name: policy-for-http-route-3-http-backendref
+ spec:
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-4
+ extAuth:
+ http:
+ backendRef:
+ name: backend-fqdn
+ kind: Backend
+ group: gateway.envoyproxy.io
+ port: 3000
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml
index 05086bae4c8..a2128bd6085 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backend.out.yaml
@@ -35,7 +35,7 @@ gateways:
protocol: HTTP
status:
listeners:
- - attachedRoutes: 2
+ - attachedRoutes: 4
conditions:
- lastTransitionTime: null
message: Sending translated listener configuration to the data plane
@@ -141,6 +141,82 @@ httpRoutes:
name: gateway-1
namespace: default
sectionName: http
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-3
+ namespace: default
+ spec:
+ hostnames:
+ - www.baz.com
+ parentRefs:
+ - name: gateway-1
+ namespace: default
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-4
+ port: 8080
+ matches:
+ - path:
+ value: /baz
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Resolved all the Object references for the Route
+ reason: ResolvedRefs
+ status: "True"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: default
+ sectionName: http
+- apiVersion: gateway.networking.k8s.io/v1
+ kind: HTTPRoute
+ metadata:
+ creationTimestamp: null
+ name: httproute-4
+ namespace: default
+ spec:
+ hostnames:
+ - www.qux.com
+ parentRefs:
+ - name: gateway-1
+ namespace: default
+ sectionName: http
+ rules:
+ - backendRefs:
+ - name: service-5
+ port: 8080
+ matches:
+ - path:
+ value: /qux
+ status:
+ parents:
+ - conditions:
+ - lastTransitionTime: null
+ message: Route is accepted
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ - lastTransitionTime: null
+ message: Service default/service-5 not found
+ reason: BackendNotFound
+ status: "False"
+ type: ResolvedRefs
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+ parentRef:
+ name: gateway-1
+ namespace: default
+ sectionName: http
infraIR:
default/gateway-1:
proxy:
@@ -198,13 +274,82 @@ securityPolicies:
status: "True"
type: Accepted
controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: SecurityPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-http-route-3--grpc-backendref
+ namespace: default
+ spec:
+ extAuth:
+ failOpen: true
+ grpc:
+ backendRef:
+ kind: Service
+ name: service-2
+ port: 8080
+ headersToExtAuth:
+ - header3
+ - header4
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-3
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ namespace: default
+ sectionName: http
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+- apiVersion: gateway.envoyproxy.io/v1alpha1
+ kind: SecurityPolicy
+ metadata:
+ creationTimestamp: null
+ name: policy-for-http-route-3-http-backendref
+ namespace: default
+ spec:
+ extAuth:
+ http:
+ backendRef:
+ group: gateway.envoyproxy.io
+ kind: Backend
+ name: backend-fqdn
+ port: 3000
+ targetRef:
+ group: gateway.networking.k8s.io
+ kind: HTTPRoute
+ name: httproute-4
+ status:
+ ancestors:
+ - ancestorRef:
+ group: gateway.networking.k8s.io
+ kind: Gateway
+ name: gateway-1
+ namespace: default
+ sectionName: http
+ conditions:
+ - lastTransitionTime: null
+ message: Policy has been accepted.
+ reason: Accepted
+ status: "True"
+ type: Accepted
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
xdsIR:
default/gateway-1:
accessLog:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -245,7 +390,7 @@ xdsIR:
grpc:
authority: service-2.default:8080
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
@@ -289,7 +434,7 @@ xdsIR:
grpc:
authority: service-2.default:8080
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
@@ -327,3 +472,73 @@ xdsIR:
distinct: false
name: ""
prefix: /bar
+ - destination:
+ name: httproute/default/httproute-3/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ hostname: www.baz.com
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-3
+ namespace: default
+ name: httproute/default/httproute-3/rule/0/match/0/www_baz_com
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /baz
+ security:
+ extAuth:
+ failOpen: true
+ grpc:
+ authority: service-2.default:8080
+ destination:
+ name: securitypolicy/default/policy-for-http-route-3--grpc-backendref/extauth/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: GRPC
+ weight: 1
+ headersToExtAuth:
+ - header3
+ - header4
+ name: securitypolicy/default/policy-for-http-route-3--grpc-backendref
+ - destination:
+ name: httproute/default/httproute-4/rule/0
+ settings:
+ - weight: 1
+ directResponse:
+ statusCode: 500
+ hostname: www.qux.com
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-4
+ namespace: default
+ name: httproute/default/httproute-4/rule/0/match/0/www_qux_com
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /qux
+ security:
+ extAuth:
+ http:
+ authority: primary.foo.com:3000
+ destination:
+ name: securitypolicy/default/policy-for-http-route-3-http-backendref/extauth/0
+ settings:
+ - addressType: FQDN
+ endpoints:
+ - host: primary.foo.com
+ port: 3000
+ protocol: HTTP
+ weight: 1
+ path: ""
+ name: securitypolicy/default/policy-for-http-route-3-http-backendref
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml
index 905b81b3cba..ded079e5c9c 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-backendref.out.yaml
@@ -222,7 +222,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -263,7 +263,7 @@ xdsIR:
grpc:
authority: grpc-backend.default:9000
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
@@ -301,7 +301,7 @@ xdsIR:
grpc:
authority: grpc-backend.default:9000
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
@@ -339,7 +339,7 @@ xdsIR:
http:
authority: http-backend.envoy-gateway:80
destination:
- name: securitypolicy/default/policy-for-gateway-1/0
+ name: securitypolicy/default/policy-for-gateway-1/extauth/0
settings:
- addressType: IP
endpoints:
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml
index c5bf4237f52..d27a3cb2db2 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-matching-port.out.yaml
@@ -136,7 +136,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml
index 3f5e60f11e8..2bab8201c1d 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-port.out.yaml
@@ -136,7 +136,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml
index 1f8fd280ad6..c85015431dc 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-reference-grant.out.yaml
@@ -137,7 +137,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml
index 294267b90e0..fecdfd343c3 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-invalid-no-service.out.yaml
@@ -136,7 +136,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml
index 94012ec739a..8485328ac78 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-recomputation.out.yaml
@@ -205,7 +205,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -246,7 +246,7 @@ xdsIR:
grpc:
authority: service-2.default:8080
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
@@ -291,7 +291,7 @@ xdsIR:
grpc:
authority: service-2.default:8080
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml
index 7c4b2ce2739..4eca64d1a07 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth-with-backendtlspolicy.out.yaml
@@ -281,7 +281,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -322,7 +322,7 @@ xdsIR:
grpc:
authority: grpc-backend.default:9000
destination:
- name: securitypolicy/default/policy-for-http-route/0
+ name: securitypolicy/default/policy-for-http-route/extauth/0
settings:
- addressType: IP
endpoints:
@@ -366,7 +366,7 @@ xdsIR:
http:
authority: http-backend.envoy-gateway:80
destination:
- name: securitypolicy/default/policy-for-gateway/0
+ name: securitypolicy/default/policy-for-gateway/extauth/0
settings:
- addressType: IP
endpoints:
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml
index 905b81b3cba..ded079e5c9c 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-extauth.out.yaml
@@ -222,7 +222,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -263,7 +263,7 @@ xdsIR:
grpc:
authority: grpc-backend.default:9000
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
@@ -301,7 +301,7 @@ xdsIR:
grpc:
authority: grpc-backend.default:9000
destination:
- name: securitypolicy/default/policy-for-http-route-1/0
+ name: securitypolicy/default/policy-for-http-route-1/extauth/0
settings:
- addressType: IP
endpoints:
@@ -339,7 +339,7 @@ xdsIR:
http:
authority: http-backend.envoy-gateway:80
destination:
- name: securitypolicy/default/policy-for-gateway-1/0
+ name: securitypolicy/default/policy-for-gateway-1/extauth/0
settings:
- addressType: IP
endpoints:
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml
index d5731870d17..37aa96f24a1 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-and-invalid-oidc.out.yaml
@@ -234,7 +234,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml
index 711d30f0d14..fcbe359dce5 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-optional.out.yaml
@@ -281,7 +281,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -338,7 +338,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml
index c892bef7e4f..180b40be7f3 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt-with-custom-extractor.out.yaml
@@ -280,7 +280,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -337,7 +337,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml
index 704961a0476..54a652f4e27 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-jwt.out.yaml
@@ -272,7 +272,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: true
@@ -329,7 +329,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml
index d6f0c4dbc47..092a2169ed7 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-backendcluster.out.yaml
@@ -179,7 +179,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -217,18 +217,18 @@ xdsIR:
security:
oidc:
clientID: client1.apps.googleusercontent.com
- clientSecret: Y2xpZW50MTpzZWNyZXQK
+ clientSecret: '[redacted]'
cookieSuffix: b0a1b740
defaultRefreshTokenTTL: 24h0m0s
defaultTokenTTL: 30m0s
forwardAccessToken: true
- hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY=
+ hmacSecret: '[redacted]'
logoutPath: /bar/logout
name: securitypolicy/envoy-gateway/policy-for-gateway
provider:
authorizationEndpoint: https://oauth.foo.com/oauth2/v2/auth
destination:
- name: securitypolicy/envoy-gateway/policy-for-gateway/0
+ name: securitypolicy/envoy-gateway/policy-for-gateway/oidc/0
settings:
- addressType: FQDN
endpoints:
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml
index 2482d1bc05b..4f58b2a71f4 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-custom-cookies.out.yaml
@@ -140,7 +140,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -178,12 +178,12 @@ xdsIR:
security:
oidc:
clientID: client1.apps.googleusercontent.com
- clientSecret: Y2xpZW50MTpzZWNyZXQK
+ clientSecret: '[redacted]'
cookieNameOverrides:
accessToken: CustomAccessTokenCookie
idToken: CustomIdTokenCookie
cookieSuffix: b0a1b740
- hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY=
+ hmacSecret: '[redacted]'
logoutPath: /bar/logout
name: securitypolicy/envoy-gateway/policy-for-gateway
provider:
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml
index caf951bcc40..4c64216743a 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-issuer.out.yaml
@@ -97,7 +97,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml
index 319d6bcfe58..d5025efe61f 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc-invalid-secretref.out.yaml
@@ -281,7 +281,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -300,7 +300,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -319,7 +319,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml
index 5f327af8752..edba4b82b0d 100644
--- a/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml
+++ b/internal/gatewayapi/testdata/securitypolicy-with-oidc.out.yaml
@@ -235,7 +235,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -273,13 +273,13 @@ xdsIR:
security:
oidc:
clientID: client2.oauth.foo.com
- clientSecret: Y2xpZW50MTpzZWNyZXQK
+ clientSecret: '[redacted]'
cookieDomain: example.com
cookieSuffix: 5f93c2e4
defaultRefreshTokenTTL: 48h0m0s
defaultTokenTTL: 1h0m0s
forwardAccessToken: true
- hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY=
+ hmacSecret: '[redacted]'
logoutPath: /foo/logout
name: securitypolicy/default/policy-for-http-route
provider:
@@ -317,12 +317,12 @@ xdsIR:
security:
oidc:
clientID: client1.apps.googleusercontent.com
- clientSecret: Y2xpZW50MTpzZWNyZXQK
+ clientSecret: '[redacted]'
cookieSuffix: b0a1b740
defaultRefreshTokenTTL: 24h0m0s
defaultTokenTTL: 30m0s
forwardAccessToken: true
- hmacSecret: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY=
+ hmacSecret: '[redacted]'
logoutPath: /bar/logout
name: securitypolicy/envoy-gateway/policy-for-gateway
provider:
diff --git a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml
index 7a4f2288ace..acb5295b43b 100644
--- a/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml
+++ b/internal/gatewayapi/testdata/tcproute-attaching-to-gateway-with-listener-tls-terminate.out.yaml
@@ -166,7 +166,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls
port: 10090
routes:
@@ -185,15 +185,15 @@ xdsIR:
alpnProtocols: []
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls:
alpnProtocols: []
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls-hostname
port: 10090
routes:
@@ -215,11 +215,11 @@ xdsIR:
alpnProtocols: []
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls:
alpnProtocols: []
certificates:
- name: envoy-gateway/tls-secret-1
- privateKey: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2UUlCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktjd2dnU2pBZ0VBQW9JQkFRQ2QwZlBDYWtweE1nUnUKT0VXQjFiQk5FM3ZseW55aTZWbkV2VWF1OUhvakR2UHVPTFJIaGI4MmoyY1ovMHhnL1lKR09LelBuV2JERkxGNApHdWh3dDRENmFUR0xYNklPODEwTDZ0SXZIWGZNUXRJS2VwdTZ3K3p1WVo4bG1yejB1RjZlWEtqamVIbHhyb2ZrCnVNekM3OUVaU0lYZlZlczJ1SmdVRSs4VGFzSDUzQ2Y4MFNSRGlIeEdxckttdVNjWCtwejBreGdCZ1VWYTVVS20KUWdTZDFmVUxLOUEwNXAxOXkrdURPM204bVhRNkxVQ0N1STFwZHNROGFlNS9zamlxa0VjWlJjMTdWYVgxWjVVaQpvcGZnNW9SY05VTG9VTHNiek9aNTR0YlVDUmdSV2VLbGZxaElINEZ6OUlkVlUyR3dFdEdhMmV6TjgyMVBaQ3QzCjZhbVRIelJsQWdNQkFBRUNnZ0VBWTFGTUlLNDVXTkVNUHJ6RTZUY3NNdVV2RkdhQVZ4bVk5NW5SMEtwajdvb3IKY21CVys2ZXN0TTQ4S1AwaitPbXd3VFpMY29Cd3VoWGN0V1Bob1lXcDhteWUxRUlEdjNyaHRHMDdocEQ1NGg2dgpCZzh3ejdFYStzMk9sT0N6UnlKNzBSY281YlhjWDNGaGJjdnFlRWJwaFFyQnpOSEtLMjZ4cmZqNWZIT3p6T1FGCmJHdUZ3SDVic3JGdFhlajJXM3c4eW90N0ZQSDV3S3RpdnhvSWU5RjMyOXNnOU9EQnZqWnpiaG1LVTArckFTK1kKRGVield2bFJyaEUrbXVmQTN6M0N0QXhDOFJpNzNscFNoTDRQQWlvcG1SUXlxZXRXMjYzOFFxcnM0R3hnNzhwbApJUXJXTmNBc2s3Slg5d3RZenV6UFBXSXRWTTFscFJiQVRhNTJqdFl2NVFLQmdRRE5tMTFtZTRYam1ZSFV2cStZCmFTUzdwK2UybXZEMHVaOU9JeFluQnBWMGkrckNlYnFFMkE1Rm5hcDQ5Yld4QTgwUElldlVkeUpCL2pUUkoxcVMKRUpXQkpMWm1LVkg2K1QwdWw1ZUtOcWxFTFZHU0dCSXNpeE9SUXpDZHBoMkx0UmtBMHVjSVUzY3hiUmVMZkZCRQpiSkdZWENCdlNGcWd0VDlvZTFldVpMVmFOd0tCZ1FERWdENzJENk81eGIweEQ1NDQ1M0RPMUJhZmd6aThCWDRTCk1SaVd2LzFUQ0w5N05sRWtoeXovNmtQd1owbXJRcE5CMzZFdkpKZFVteHdkU2MyWDhrOGcxMC85NVlLQkdWQWoKL3d0YVZYbE9WeEFvK0ZSelpZeFpyQ29uWWFSMHVwUzFybDRtenN4REhlZU9mUVZUTUgwUjdZN0pnbTA5dXQ4SwplanAvSXZBb1F3S0JnQjNaRWlRUWhvMVYrWjBTMlpiOG5KS0plMy9zMmxJTXFHM0ZkaS9RS3Q0eWViQWx6OGY5ClBZVXBzRmZEQTg5Z3grSU1nSm5sZVptdTk2ZnRXSjZmdmJSenllN216TG5zZU05TXZua1lHbGFGWmJRWnZubXMKN3ZoRmtzY3dHRlh4d21GMlBJZmU1Z3pNMDRBeVdjeTFIaVhLS2dNOXM3cGsxWUdyZGowZzdacmRBb0dCQUtLNApDR3MrbkRmMEZTMFJYOWFEWVJrRTdBNy9YUFhtSG5YMkRnU1h5N0Q4NTRPaWdTTWNoUmtPNTErbVNJejNQbllvCk41T1FXM2lHVVl1M1YvYmhnc0VSUzM1V2xmRk9BdDBzRUR5bjF5SVdXcDF5dG93d3BUNkVvUXVuZ2NYZjA5RjMKS1NROXowd3M4VmsvRWkvSFVXcU5LOWFXbU51cmFaT0ZqL2REK1ZkOUFvR0FMWFN3dEE3K043RDRkN0VEMURSRQpHTWdZNVd3OHFvdDZSdUNlNkpUY0FnU3B1MkhNU3JVY2dXclpiQnJZb09FUnVNQjFoMVJydk5ybU1qQlM0VW9FClgyZC8vbGhpOG1wL2VESWN3UDNRa2puanBJRFJWMFN1eWxrUkVaZURKZjVZb3R6eDdFdkJhbzFIbkQrWEg4eUIKVUtmWGJTaHZKVUdhRmgxT3Q1Y3JoM1k9Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
+ privateKey: '[redacted]'
serverCertificate: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUREVENDQWZXZ0F3SUJBZ0lVRUZNaFA5ZUo5WEFCV3NRNVptNmJSazJjTE5Rd0RRWUpLb1pJaHZjTkFRRUwKQlFBd0ZqRVVNQklHQTFVRUF3d0xabTl2TG1KaGNpNWpiMjB3SGhjTk1qUXdNakk1TURrek1ERXdXaGNOTXpRdwpNakkyTURrek1ERXdXakFXTVJRd0VnWURWUVFEREF0bWIyOHVZbUZ5TG1OdmJUQ0NBU0l3RFFZSktvWklodmNOCkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFKbEk2WXhFOVprQ1BzNnBDUXhickNtZWl4OVA1RGZ4OVJ1NUxENFQKSm1kVzdJS2R0UVYvd2ZMbXRzdTc2QithVGRDaldlMEJUZmVPT1JCYlIzY1BBRzZFbFFMaWNsUVVydW4zcStncwpKcEsrSTdjSStqNXc4STY4WEg1V1E3clZVdGJ3SHBxYncrY1ZuQnFJVU9MaUlhdGpJZjdLWDUxTTF1RjljZkVICkU0RG5jSDZyYnI1OS9SRlpCc2toeHM1T3p3Sklmb2hreXZGd2V1VHd4Sy9WcGpJKzdPYzQ4QUJDWHBOTzlEL3EKRWgrck9hdWpBTWNYZ0hRSVRrQ2lpVVRjVW82TFNIOXZMWlB0YXFmem9acTZuaE1xcFc2NUUxcEF3RjNqeVRUeAphNUk4SmNmU0Zqa2llWjIwTFVRTW43TThVNHhIamFvL2d2SDBDQWZkQjdSTFUyc0NBd0VBQWFOVE1GRXdIUVlEClZSME9CQllFRk9SQ0U4dS8xRERXN2loWnA3Y3g5dFNtUG02T01COEdBMVVkSXdRWU1CYUFGT1JDRTh1LzFERFcKN2loWnA3Y3g5dFNtUG02T01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBRnQ1M3pqc3FUYUg1YThFMmNodm1XQWdDcnhSSzhiVkxNeGl3TkdqYm1FUFJ6K3c2TngrazBBOEtFY0lEc0tjClNYY2k1OHU0b1didFZKQmx6YS9adWpIUjZQMUJuT3BsK2FveTc4NGJiZDRQMzl3VExvWGZNZmJCQ20xdmV2aDkKQUpLbncyWnRxcjRta2JMY3hFcWxxM3NCTEZBUzlzUUxuS05DZTJjR0xkVHAyYm9HK3FjZ3lRZ0NJTTZmOEVNdgpXUGlmQ01NR3V6Sy9HUkY0YlBPL1lGNDhld0R1M1VlaWgwWFhkVUFPRTlDdFVhOE5JaGMxVVBhT3pQcnRZVnFyClpPR2t2L0t1K0I3OGg4U0VzTzlYclFjdXdiT25KeDZLdFIrYWV5a3ZBcFhDUTNmWkMvYllLQUFSK1A4QUpvUVoKYndJVW1YaTRnajVtK2JLUGhlK2lyK0U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
diff --git a/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml b/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml
index 29a124844e5..5bf2c388a30 100644
--- a/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml
+++ b/internal/gatewayapi/testdata/tcproute-with-backend.out.yaml
@@ -112,7 +112,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tcp
port: 10090
routes:
diff --git a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml
index a3dc7519ecd..12021806303 100644
--- a/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml
+++ b/internal/gatewayapi/testdata/tlsroute-attaching-to-gateway.out.yaml
@@ -94,7 +94,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls
port: 10090
routes:
diff --git a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml
index 5a065e6d6bb..802c84636ad 100644
--- a/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml
+++ b/internal/gatewayapi/testdata/tlsroute-multiple.out.yaml
@@ -128,7 +128,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls
port: 10091
routes:
diff --git a/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml
index 97bce6d0acf..48e11662a57 100644
--- a/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml
+++ b/internal/gatewayapi/testdata/tlsroute-with-backend.out.yaml
@@ -114,7 +114,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls
port: 10090
routes:
diff --git a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml
index 1f8515c6532..072357e7937 100644
--- a/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml
+++ b/internal/gatewayapi/testdata/tlsroute-with-backendref-in-other-namespace-allowed-by-refgrant.out.yaml
@@ -95,7 +95,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls
port: 10090
routes:
diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml
index 09664c0e41c..dbb35bfecef 100644
--- a/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/tlsroute-with-empty-hostname.out.yaml
@@ -93,7 +93,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls
port: 10091
routes:
diff --git a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml
index d40d0927396..f696db74016 100644
--- a/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml
+++ b/internal/gatewayapi/testdata/tlsroute-with-empty-listener-hostname.out.yaml
@@ -95,7 +95,7 @@ xdsIR:
text:
- path: /dev/stdout
tcp:
- - address: 0.0.0.0
+ - address: '::'
name: envoy-gateway/gateway-1/tls
port: 10091
routes:
diff --git a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml
index 9c0610b4051..4ed723d6985 100644
--- a/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml
+++ b/internal/gatewayapi/testdata/tracing-merged-multiple-routes.out.yaml
@@ -230,7 +230,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
@@ -265,7 +265,7 @@ xdsIR:
distinct: false
name: ""
prefix: /
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -279,7 +279,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8888
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- example.com
isHTTP2: false
diff --git a/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml b/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml
index 4bd1415e464..d51b333e647 100644
--- a/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml
+++ b/internal/gatewayapi/testdata/tracing-multiple-routes.out.yaml
@@ -255,7 +255,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*.envoyproxy.io'
isHTTP2: false
@@ -311,7 +311,7 @@ xdsIR:
text:
- path: /dev/stdout
http:
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- '*'
isHTTP2: false
@@ -325,7 +325,7 @@ xdsIR:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 8888
- - address: 0.0.0.0
+ - address: '::'
hostnames:
- example.com
isHTTP2: false
diff --git a/internal/gatewayapi/translator_test.go b/internal/gatewayapi/translator_test.go
index 39200342a5f..61e0025fbdd 100644
--- a/internal/gatewayapi/translator_test.go
+++ b/internal/gatewayapi/translator_test.go
@@ -14,6 +14,7 @@ import (
"fmt"
"os"
"path/filepath"
+ "reflect"
"strconv"
"strings"
"testing"
@@ -34,6 +35,7 @@ import (
egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/gatewayapi/resource"
+ "github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/utils/field"
"github.com/envoyproxy/gateway/internal/utils/file"
"github.com/envoyproxy/gateway/internal/wasm"
@@ -318,6 +320,8 @@ func TestTranslate(t *testing.T) {
opts := []cmp.Option{
cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"),
+ cmp.Transformer("ClearXdsEqual", xdsWithoutEqual),
+ cmpopts.IgnoreTypes(ir.PrivateBytes{}),
cmpopts.EquateEmpty(),
}
@@ -848,3 +852,42 @@ func (m *mockWasmCache) Get(downloadURL string, options wasm.GetOptions) (url st
}
func (m *mockWasmCache) Cleanup() {}
+
+// ir.Xds implements a custom Equal method which ensures exact equality, even
+// over redacted fields. This function is used to remove the Equal method from
+// the type, but ensure that the set of fields is the same.
+// This allows us to use cmp.Diff to compare the types with field-level cmpopts.
+func xdsWithoutEqual(a *ir.Xds) any {
+ ret := struct {
+ AccessLog *ir.AccessLog
+ Tracing *ir.Tracing
+ Metrics *ir.Metrics
+ HTTP []*ir.HTTPListener
+ TCP []*ir.TCPListener
+ UDP []*ir.UDPListener
+ EnvoyPatchPolicies []*ir.EnvoyPatchPolicy
+ FilterOrder []egv1a1.FilterPosition
+ }{
+ AccessLog: a.AccessLog,
+ Tracing: a.Tracing,
+ Metrics: a.Metrics,
+ HTTP: a.HTTP,
+ TCP: a.TCP,
+ UDP: a.UDP,
+ EnvoyPatchPolicies: a.EnvoyPatchPolicies,
+ FilterOrder: a.FilterOrder,
+ }
+
+ // Ensure we didn't drop an exported field.
+ ta, tr := reflect.TypeOf(*a), reflect.TypeOf(ret)
+ for i := 0; i < ta.NumField(); i++ {
+ aField := ta.Field(i)
+ if rField, ok := tr.FieldByName(aField.Name); !ok || aField.Type != rField.Type {
+ // We panic here because this is test code, and it would be hard to
+ // plumb the error out.
+ panic(fmt.Sprintf("field %q is missing or has wrong type in the ir.Xds mirror", aField.Name))
+ }
+ }
+
+ return ret
+}
diff --git a/internal/infrastructure/kubernetes/proxy/resource.go b/internal/infrastructure/kubernetes/proxy/resource.go
index aa5a4d64e70..55b3cb10623 100644
--- a/internal/infrastructure/kubernetes/proxy/resource.go
+++ b/internal/infrastructure/kubernetes/proxy/resource.go
@@ -89,27 +89,6 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
// Define slice to hold container ports
var ports []corev1.ContainerPort
- // Iterate over listeners and ports to get container ports
- for _, listener := range infra.Listeners {
- for _, p := range listener.Ports {
- var protocol corev1.Protocol
- switch p.Protocol {
- case ir.HTTPProtocolType, ir.HTTPSProtocolType, ir.TLSProtocolType, ir.TCPProtocolType:
- protocol = corev1.ProtocolTCP
- case ir.UDPProtocolType:
- protocol = corev1.ProtocolUDP
- default:
- return nil, fmt.Errorf("invalid protocol %q", p.Protocol)
- }
- port := corev1.ContainerPort{
- Name: p.Name,
- ContainerPort: p.ContainerPort,
- Protocol: protocol,
- }
- ports = append(ports, port)
- }
- }
-
if enablePrometheus(infra) {
ports = append(ports, corev1.ContainerPort{
Name: "metrics",
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml
index d68b1e56076..5b0f132f0b9 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/component-level.yaml
@@ -66,12 +66,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml
index b3472d7ce4a..c776209328c 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/custom.yaml
@@ -249,12 +249,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml
index 329cb6fcfdb..0b19c488769 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default-env.yaml
@@ -248,12 +248,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml
index 7fd747bfc54..56a589683bd 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/default.yaml
@@ -233,12 +233,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml
index 8de53f5399b..2e0d28b8ae0 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/disable-prometheus.yaml
@@ -206,13 +206,6 @@ spec:
port: 19002
scheme: HTTP
name: envoy
- ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
readinessProbe:
failureThreshold: 1
httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml
index ae4f11bf6a4..300ad8663de 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/extension-env.yaml
@@ -252,12 +252,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml
index fd9dad594d2..9bd9262b00f 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/override-labels-and-annotations.yaml
@@ -242,12 +242,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml
index 44303a333ff..9e2901ea793 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/patch-daemonset.yaml
@@ -233,12 +233,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml
index f656e51276b..ee53271eedb 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/shutdown-manager.yaml
@@ -233,12 +233,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml
index 268a27505a6..31900415e4e 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/volumes.yaml
@@ -252,12 +252,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml
index de2cfc52cb5..478248125c1 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-annotations.yaml
@@ -238,12 +238,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml
index 35135058572..409d1ee542d 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-concurrency.yaml
@@ -66,12 +66,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml
index bd684b6f4d5..abcf5df5843 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-extra-args.yaml
@@ -235,12 +235,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml
index 924d99cee9f..63f4b88837b 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-image-pull-secrets.yaml
@@ -233,12 +233,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml
index 0f6bb5dcb83..00f4cde053f 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-name.yaml
@@ -233,12 +233,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml
index 69797a95a41..338aee23c5d 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-node-selector.yaml
@@ -233,12 +233,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml
index b8cf4d12a6c..65d61d1f79d 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/daemonsets/with-topology-spread-constraints.yaml
@@ -233,12 +233,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml
index 9cb872f552a..b9d6973e3e5 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/bootstrap.yaml
@@ -69,12 +69,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml
index 80fa00394ae..30172b63ce8 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/component-level.yaml
@@ -70,12 +70,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml
index dff786a3515..a319317f707 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom.yaml
@@ -254,12 +254,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml
index 65079b2316e..8d2203c31bb 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/custom_with_initcontainers.yaml
@@ -254,12 +254,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml
index 88371d81d1f..b028a291e74 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default-env.yaml
@@ -253,12 +253,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml
index 57a62e569b5..2dd512c5fcb 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/default.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml
index e575a3f3111..e2afb845d04 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/disable-prometheus.yaml
@@ -210,13 +210,6 @@ spec:
port: 19002
scheme: HTTP
name: envoy
- ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
readinessProbe:
failureThreshold: 1
httpGet:
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml
index 9b84c2b4177..2c6bb786992 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/extension-env.yaml
@@ -257,12 +257,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml
index 6300b906552..cda0dd531da 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/override-labels-and-annotations.yaml
@@ -246,12 +246,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml
index 269909aec48..97c5760f631 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/patch-deployment.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml
index 5774c9dc1d2..81c7fad6ea3 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/shutdown-manager.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml
index 9f6f50940c8..a1df598b9fe 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/volumes.yaml
@@ -257,12 +257,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml
index 3924adc4869..e21f0f78ffa 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-annotations.yaml
@@ -242,12 +242,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml
index 2086f2297a9..16df5efe6a3 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-concurrency.yaml
@@ -70,12 +70,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml
index ce6f8b7b5de..c2db49a1246 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-empty-memory-limits.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml
index bc0a7e23a5a..402614eb808 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-extra-args.yaml
@@ -239,12 +239,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml
index 360253c560e..5eb37e92d77 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-image-pull-secrets.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml
index 52ea316c857..5e6bbd62cb7 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-name.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml
index 6a8cfb126be..55137dfe205 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-node-selector.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml
index 3bdf275ce09..adc7784549e 100644
--- a/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml
+++ b/internal/infrastructure/kubernetes/proxy/testdata/deployments/with-topology-spread-constraints.yaml
@@ -237,12 +237,6 @@ spec:
scheme: HTTP
name: envoy
ports:
- - containerPort: 8080
- name: EnvoyHTTPPort
- protocol: TCP
- - containerPort: 8443
- name: EnvoyHTTPSPort
- protocol: TCP
- containerPort: 19001
name: metrics
protocol: TCP
diff --git a/internal/ir/xds.go b/internal/ir/xds.go
index 5ed3577d24f..160f1a03021 100644
--- a/internal/ir/xds.go
+++ b/internal/ir/xds.go
@@ -7,6 +7,7 @@ package ir
import (
"cmp"
+ "encoding"
"encoding/json"
"errors"
"fmt"
@@ -77,6 +78,51 @@ var (
redacted = []byte("[redacted]")
)
+// PrivateBytes implements a custom []byte type so that we can override the
+// various string-ish printing functions to redact the contents.
+type PrivateBytes []byte
+
+var (
+ _ fmt.Stringer = PrivateBytes{}
+ _ encoding.TextMarshaler = PrivateBytes{}
+)
+
+// MarshalText redacts the contents of the PrivateBytes type.
+// Note that MarshalJSON will call MarshalText if it exists, so we don't
+// need to implement MarshalJSON.
+func (p PrivateBytes) MarshalText() ([]byte, error) {
+ if len(p) == 0 {
+ return nil, nil
+ }
+ return redacted, nil
+}
+
+// String redacts the contents of the PrivateBytes type.
+func (p PrivateBytes) String() string {
+ if len(p) == 0 {
+ return ""
+ }
+ return string(redacted)
+}
+
+func (p *PrivateBytes) UnmarshalJSON(data []byte) error {
+ if len(data) == 0 {
+ *p = nil
+ return nil
+ }
+ if string(data) == `"`+string(redacted)+`"` {
+ *p = redacted
+ return nil
+ }
+ var b []byte
+ err := json.Unmarshal(data, &b)
+ if err != nil {
+ return fmt.Errorf("UnmarshalJSON failed: %w, %q", err, string(data))
+ }
+ *p = b
+ return err
+}
+
// Xds holds the intermediate representation of a Gateway and is
// used by the xDS Translator to convert it into xDS resources.
// +k8s:deepcopy-gen=true
@@ -176,36 +222,15 @@ func (x *Xds) GetUDPListener(name string) *UDPListener {
}
func (x *Xds) YAMLString() string {
- y, _ := yaml.Marshal(x.Printable())
+ y, _ := yaml.Marshal(x)
return string(y)
}
func (x *Xds) JSONString() string {
- j, _ := json.Marshal(x.Printable())
+ j, _ := json.Marshal(x)
return string(j)
}
-// Printable returns a deep copy of the resource that can be safely logged.
-func (x *Xds) Printable() *Xds {
- out := x.DeepCopy()
- for _, listener := range out.HTTP {
- // Omit field
- if listener.TLS != nil {
- for i := range listener.TLS.Certificates {
- listener.TLS.Certificates[i].PrivateKey = redacted
- }
- }
-
- for _, route := range listener.Routes {
- // Omit field
- if route.Security != nil {
- route.Security = route.Security.Printable()
- }
- }
- }
- return out
-}
-
type Listener interface {
GetName() string
GetAddress() string
@@ -378,7 +403,7 @@ type TLSCertificate struct {
// Certificate can be either a client or server certificate.
Certificate []byte `json:"serverCertificate,omitempty" yaml:"serverCertificate,omitempty"`
// PrivateKey for the server.
- PrivateKey []byte `json:"privateKey,omitempty" yaml:"privateKey,omitempty"`
+ PrivateKey PrivateBytes `json:"privateKey,omitempty" yaml:"privateKey,omitempty"`
}
// TLSCACertificate holds CA Certificate to validate clients
@@ -778,18 +803,6 @@ type SecurityFeatures struct {
Authorization *Authorization `json:"authorization,omitempty" yaml:"authorization,omitempty"`
}
-func (s *SecurityFeatures) Printable() *SecurityFeatures {
- out := s.DeepCopy()
- if out.OIDC != nil {
- out.OIDC.ClientSecret = redacted
- out.OIDC.HMACSecret = redacted
- }
- if out.BasicAuth != nil {
- out.BasicAuth.Users = redacted
- }
- return out
-}
-
func (s *SecurityFeatures) Validate() error {
var errs error
@@ -883,10 +896,10 @@ type OIDC struct {
// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
//
// This is an Opaque secret. The client secret should be stored in the key "client-secret".
- ClientSecret []byte `json:"clientSecret,omitempty" yaml:"clientSecret,omitempty"`
+ ClientSecret PrivateBytes `json:"clientSecret,omitempty" yaml:"clientSecret,omitempty"`
// HMACSecret is the secret used to sign the HMAC of the OAuth2 filter cookies.
- HMACSecret []byte `json:"hmacSecret,omitempty" yaml:"hmacSecret,omitempty"`
+ HMACSecret PrivateBytes `json:"hmacSecret,omitempty" yaml:"hmacSecret,omitempty"`
// The OIDC scopes to be used in the
// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
@@ -959,7 +972,7 @@ type BasicAuth struct {
Name string `json:"name" yaml:"name"`
// The username-password pairs in htpasswd format.
- Users []byte `json:"users,omitempty" yaml:"users,omitempty"`
+ Users PrivateBytes `json:"users,omitempty" yaml:"users,omitempty"`
}
// ExtAuth defines the schema for the external authorization.
@@ -2629,6 +2642,10 @@ type Wasm struct {
// original URL(either an HTTP URL or an OCI image) and serves it through the
// local HTTP server.
Code *HTTPWasmCode `json:"httpWasmCode,omitempty"`
+
+ // HostKeys is a list of keys for environment variables from the host envoy process
+ // that should be passed into the Wasm VM.
+ HostKeys []string `json:"hostKeys,omitempty"`
}
// HTTPWasmCode holds the information associated with the HTTP Wasm code source.
diff --git a/internal/ir/xds_test.go b/internal/ir/xds_test.go
index 7a81491417d..c73faf7eb44 100644
--- a/internal/ir/xds_test.go
+++ b/internal/ir/xds_test.go
@@ -6,6 +6,7 @@
package ir
import (
+ "encoding/json"
"net/http"
"testing"
"time"
@@ -1331,11 +1332,12 @@ func TestValidateLoadBalancer(t *testing.T) {
}
}
-func TestPrintable(t *testing.T) {
+func TestRedaction(t *testing.T) {
tests := []struct {
- name string
- input Xds
- want *Xds
+ name string
+ input Xds
+ want *Xds
+ wantStr string
}{
{
name: "empty",
@@ -1360,10 +1362,59 @@ func TestPrintable(t *testing.T) {
HTTP: []*HTTPListener{&redactedHappyHTTPSListener},
},
},
+ {
+ name: "explicit string check",
+ input: Xds{
+ HTTP: []*HTTPListener{{
+ TLS: &TLSConfig{
+ Certificates: []TLSCertificate{{
+ Name: "server",
+ Certificate: []byte("---"),
+ PrivateKey: []byte("secret"),
+ }},
+ ClientCertificates: []TLSCertificate{{
+ Name: "client",
+ Certificate: []byte("---"),
+ PrivateKey: []byte("secret"),
+ }},
+ },
+ Routes: []*HTTPRoute{{
+ Security: &SecurityFeatures{
+ OIDC: &OIDC{
+ ClientSecret: []byte("secret"),
+ HMACSecret: []byte("secret"),
+ },
+ BasicAuth: &BasicAuth{
+ Users: []byte("secret"),
+ },
+ },
+ }},
+ }},
+ },
+ wantStr: `{"http":[{"name":"","address":"","port":0,"hostnames":null,` +
+ `"tls":{` +
+ `"certificates":[{"name":"server","serverCertificate":"LS0t","privateKey":"[redacted]"}],` +
+ `"clientCertificates":[{"name":"client","serverCertificate":"LS0t","privateKey":"[redacted]"}],` +
+ `"alpnProtocols":null},` +
+ `"routes":[{` +
+ `"name":"","hostname":"","isHTTP2":false,"security":{` +
+ `"oidc":{"name":"","provider":{},"clientID":"","clientSecret":"[redacted]","hmacSecret":"[redacted]"},` +
+ `"basicAuth":{"name":"","users":"[redacted]"}` +
+ `}}],` +
+ `"isHTTP2":false,"path":{"mergeSlashes":false,"escapedSlashesAction":""}}]}`,
+ },
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
- assert.Equal(t, *test.want, *test.input.Printable())
+ if test.want != nil {
+ if test.wantStr != "" {
+ t.Fatalf("Don't set both want and wantStr")
+ }
+ wantJSON, err := json.Marshal(test.want)
+ require.NoError(t, err)
+ test.wantStr = string(wantJSON)
+ }
+ assert.Equal(t, test.wantStr, test.input.JSONString())
})
}
}
diff --git a/internal/ir/zz_generated.deepcopy.go b/internal/ir/zz_generated.deepcopy.go
index fb2f0dd10b3..f5a7165434c 100644
--- a/internal/ir/zz_generated.deepcopy.go
+++ b/internal/ir/zz_generated.deepcopy.go
@@ -315,7 +315,7 @@ func (in *BasicAuth) DeepCopyInto(out *BasicAuth) {
*out = *in
if in.Users != nil {
in, out := &in.Users, &out.Users
- *out = make([]byte, len(*in))
+ *out = make(PrivateBytes, len(*in))
copy(*out, *in)
}
}
@@ -1995,12 +1995,12 @@ func (in *OIDC) DeepCopyInto(out *OIDC) {
in.Provider.DeepCopyInto(&out.Provider)
if in.ClientSecret != nil {
in, out := &in.ClientSecret, &out.ClientSecret
- *out = make([]byte, len(*in))
+ *out = make(PrivateBytes, len(*in))
copy(*out, *in)
}
if in.HMACSecret != nil {
in, out := &in.HMACSecret, &out.HMACSecret
- *out = make([]byte, len(*in))
+ *out = make(PrivateBytes, len(*in))
copy(*out, *in)
}
if in.Scopes != nil {
@@ -3048,7 +3048,7 @@ func (in *TLSCertificate) DeepCopyInto(out *TLSCertificate) {
}
if in.PrivateKey != nil {
in, out := &in.PrivateKey, &out.PrivateKey
- *out = make([]byte, len(*in))
+ *out = make(PrivateBytes, len(*in))
copy(*out, *in)
}
}
@@ -3445,6 +3445,11 @@ func (in *Wasm) DeepCopyInto(out *Wasm) {
*out = new(HTTPWasmCode)
**out = **in
}
+ if in.HostKeys != nil {
+ in, out := &in.HostKeys, &out.HostKeys
+ *out = make([]string, len(*in))
+ copy(*out, *in)
+ }
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Wasm.
diff --git a/internal/message/metrics.go b/internal/message/metrics.go
index 5f120124191..de744f47aa8 100644
--- a/internal/message/metrics.go
+++ b/internal/message/metrics.go
@@ -13,6 +13,11 @@ var (
"Current depth of watchable queue.",
)
+ panicCounter = metrics.NewCounter(
+ "watchable_panics_recovered_total",
+ "Total number of panics recovered while handling items in queue.",
+ )
+
watchableSubscribeDurationSeconds = metrics.NewHistogram(
"watchable_subscribe_duration_seconds",
"How long in seconds a subscribed watchable queue is handled.",
diff --git a/internal/message/watchutil.go b/internal/message/watchutil.go
index f8391cbc47a..77caa4af3d9 100644
--- a/internal/message/watchutil.go
+++ b/internal/message/watchutil.go
@@ -6,6 +6,8 @@
package message
import (
+ "fmt"
+ "runtime/debug"
"time"
"github.com/telepresenceio/watchable"
@@ -36,6 +38,28 @@ func (m Metadata) LabelValues() []metrics.LabelValue {
return labels
}
+// handleWithCrashRecovery calls the provided handle function and gracefully recovers from any panics
+// that might occur when the handle function is called.
+func handleWithCrashRecovery[K comparable, V any](
+ handle func(updateFunc Update[K, V], errChans chan error),
+ update Update[K, V],
+ meta Metadata,
+ errChans chan error,
+) {
+ defer func() {
+ if r := recover(); r != nil {
+ logger.WithValues("runner", meta.Runner).Error(fmt.Errorf("%+v", r), "observed a panic",
+ "stackTrace", string(debug.Stack()))
+ watchableSubscribeTotal.WithFailure(metrics.ReasonError, meta.LabelValues()...).Increment()
+ panicCounter.WithFailure(metrics.ReasonError, meta.LabelValues()...).Increment()
+ }
+ }()
+ startHandleTime := time.Now()
+ handle(update, errChans)
+ watchableSubscribeTotal.WithSuccess(meta.LabelValues()...).Increment()
+ watchableSubscribeDurationSeconds.With(meta.LabelValues()...).Record(time.Since(startHandleTime).Seconds())
+}
+
// HandleSubscription takes a channel returned by
// watchable.Map.Subscribe() (or .SubscribeSubset()), and calls the
// given function for each initial value in the map, and for any
@@ -57,25 +81,20 @@ func HandleSubscription[K comparable, V any](
watchableSubscribeTotal.WithFailure(metrics.ReasonError, meta.LabelValues()...).Increment()
}
}()
+ defer close(errChans)
if snapshot, ok := <-subscription; ok {
for k, v := range snapshot.State {
- startHandleTime := time.Now()
- handle(Update[K, V]{
+ handleWithCrashRecovery(handle, Update[K, V]{
Key: k,
Value: v,
- }, errChans)
- watchableSubscribeTotal.WithSuccess(meta.LabelValues()...).Increment()
- watchableSubscribeDurationSeconds.With(meta.LabelValues()...).Record(time.Since(startHandleTime).Seconds())
+ }, meta, errChans)
}
}
for snapshot := range subscription {
watchableDepth.With(meta.LabelValues()...).Record(float64(len(subscription)))
for _, update := range snapshot.Updates {
- startHandleTime := time.Now()
- handle(Update[K, V](update), errChans)
- watchableSubscribeTotal.WithSuccess(meta.LabelValues()...).Increment()
- watchableSubscribeDurationSeconds.With(meta.LabelValues()...).Record(time.Since(startHandleTime).Seconds())
+ handleWithCrashRecovery(handle, Update[K, V](update), meta, errChans)
}
}
}
diff --git a/internal/message/watchutil_test.go b/internal/message/watchutil_test.go
index 2c08821b211..6e6472d14f0 100644
--- a/internal/message/watchutil_test.go
+++ b/internal/message/watchutil_test.go
@@ -30,6 +30,34 @@ func TestHandleSubscriptionAlreadyClosed(t *testing.T) {
assert.Equal(t, 0, calls)
}
+func TestPanicInSubscriptionHandler(t *testing.T) {
+ defer func() {
+ if r := recover(); r != nil {
+ assert.Fail(t, "recovered from an unexpected panic")
+ }
+ }()
+ var m watchable.Map[string, any]
+ m.Store("foo", "bar")
+
+ go func() {
+ time.Sleep(100 * time.Millisecond)
+ m.Store("baz", "qux")
+ time.Sleep(100 * time.Millisecond)
+ m.Close()
+ }()
+
+ numCalls := 0
+ message.HandleSubscription[string, any](
+ message.Metadata{Runner: "demo", Message: "demo"},
+ m.Subscribe(context.Background()),
+ func(update message.Update[string, any], errChans chan error) {
+ numCalls++
+ panic("oops " + update.Key)
+ },
+ )
+ assert.Equal(t, 2, numCalls)
+}
+
func TestHandleSubscriptionAlreadyInitialized(t *testing.T) {
var m watchable.Map[string, any]
m.Store("foo", "bar")
diff --git a/internal/metrics/testdata/counter_metric.json b/internal/metrics/testdata/counter_metric.json
index 2c1859a3d45..62b17ac82e1 100644
--- a/internal/metrics/testdata/counter_metric.json
+++ b/internal/metrics/testdata/counter_metric.json
@@ -20,7 +20,8 @@
"Scope": {
"Name": "envoy-gateway",
"Version": "",
- "SchemaURL": ""
+ "SchemaURL": "",
+ "Attributes": null
},
"Metrics": [
{
diff --git a/internal/metrics/testdata/gauge_metric.json b/internal/metrics/testdata/gauge_metric.json
index 7641f17cbee..976d5cf3e40 100644
--- a/internal/metrics/testdata/gauge_metric.json
+++ b/internal/metrics/testdata/gauge_metric.json
@@ -20,7 +20,8 @@
"Scope": {
"Name": "envoy-gateway",
"Version": "",
- "SchemaURL": ""
+ "SchemaURL": "",
+ "Attributes": null
},
"Metrics": [
{
diff --git a/internal/metrics/testdata/histogram_metric.json b/internal/metrics/testdata/histogram_metric.json
index 0054be03640..70571a68f2e 100644
--- a/internal/metrics/testdata/histogram_metric.json
+++ b/internal/metrics/testdata/histogram_metric.json
@@ -20,7 +20,8 @@
"Scope": {
"Name": "envoy-gateway",
"Version": "",
- "SchemaURL": ""
+ "SchemaURL": "",
+ "Attributes": null
},
"Metrics": [
{
diff --git a/internal/utils/jsonpatch/patch_test.go b/internal/utils/jsonpatch/patch_test.go
index dbdd63fc527..cfd4ec8e2e4 100644
--- a/internal/utils/jsonpatch/patch_test.go
+++ b/internal/utils/jsonpatch/patch_test.go
@@ -241,7 +241,7 @@ func TestApplyJSONPatches(t *testing.T) {
t.Error(err)
}
- require.Equal(t, expectedJSON, resultJSON)
+ require.JSONEq(t, expectedJSON, resultJSON)
}
require.NoError(t, err)
}
diff --git a/internal/utils/net/ip.go b/internal/utils/net/ip.go
new file mode 100644
index 00000000000..4c496936801
--- /dev/null
+++ b/internal/utils/net/ip.go
@@ -0,0 +1,10 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package net
+
+const (
+ IPv6ListenerAddress = "::"
+)
diff --git a/internal/xds/translator/accesslog.go b/internal/xds/translator/accesslog.go
index 076eb659d83..265e3ed8a9c 100644
--- a/internal/xds/translator/accesslog.go
+++ b/internal/xds/translator/accesslog.go
@@ -6,7 +6,6 @@
package translator
import (
- "errors"
"sort"
"strings"
@@ -545,7 +544,7 @@ func processClusterForAccessLog(tCtx *types.ResourceVersionTable, al *ir.AccessL
backendConnection: traffic.BackendConnection,
dns: traffic.DNS,
http2Settings: traffic.HTTP2,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+ }); err != nil {
return err
}
}
@@ -573,7 +572,7 @@ func processClusterForAccessLog(tCtx *types.ResourceVersionTable, al *ir.AccessL
backendConnection: traffic.BackendConnection,
dns: traffic.DNS,
http2Settings: traffic.HTTP2,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+ }); err != nil {
return err
}
}
diff --git a/internal/xds/translator/cluster.go b/internal/xds/translator/cluster.go
index 5a13076e456..495640ff90a 100644
--- a/internal/xds/translator/cluster.go
+++ b/internal/xds/translator/cluster.go
@@ -84,9 +84,16 @@ func buildEndpointType(settings []*ir.DestinationSetting) EndpointType {
}
func buildXdsCluster(args *xdsClusterArgs) *clusterv3.Cluster {
- dnsLookupFamily := clusterv3.Cluster_V4_ONLY
- if args.ipFamily != nil && *args.ipFamily == egv1a1.DualStack {
- dnsLookupFamily = clusterv3.Cluster_ALL
+ dnsLookupFamily := clusterv3.Cluster_AUTO
+ if args.ipFamily != nil {
+ switch *args.ipFamily {
+ case egv1a1.IPv4:
+ dnsLookupFamily = clusterv3.Cluster_V4_ONLY
+ case egv1a1.IPv6:
+ dnsLookupFamily = clusterv3.Cluster_V6_ONLY
+ case egv1a1.DualStack:
+ dnsLookupFamily = clusterv3.Cluster_ALL
+ }
}
cluster := &clusterv3.Cluster{
Name: args.name,
diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go
index e8641cf2a6e..f703dfe2d4f 100644
--- a/internal/xds/translator/extauth.go
+++ b/internal/xds/translator/extauth.go
@@ -234,14 +234,12 @@ func (*extAuth) patchResources(tCtx *types.ResourceVersionTable,
}
if route.Security.ExtAuth.HTTP != nil {
if err := createExtServiceXDSCluster(
- &route.Security.ExtAuth.HTTP.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil && !errors.Is(
- err, ErrXdsClusterExists) {
+ &route.Security.ExtAuth.HTTP.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil {
errs = errors.Join(errs, err)
}
} else {
if err := createExtServiceXDSCluster(
- &route.Security.ExtAuth.GRPC.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil && !errors.Is(
- err, ErrXdsClusterExists) {
+ &route.Security.ExtAuth.GRPC.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil {
errs = errors.Join(errs, err)
}
}
diff --git a/internal/xds/translator/extproc.go b/internal/xds/translator/extproc.go
index 2bc6c4b6ba6..57cc9634d09 100644
--- a/internal/xds/translator/extproc.go
+++ b/internal/xds/translator/extproc.go
@@ -173,8 +173,7 @@ func (*extProc) patchResources(tCtx *types.ResourceVersionTable,
for i := range route.EnvoyExtensions.ExtProcs {
ep := route.EnvoyExtensions.ExtProcs[i]
if err := createExtServiceXDSCluster(
- &ep.Destination, ep.Traffic, tCtx); err != nil && !errors.Is(
- err, ErrXdsClusterExists) {
+ &ep.Destination, ep.Traffic, tCtx); err != nil {
errs = errors.Join(errs, err)
}
}
diff --git a/internal/xds/translator/listener.go b/internal/xds/translator/listener.go
index 9a68c5f3c1f..098cc896145 100644
--- a/internal/xds/translator/listener.go
+++ b/internal/xds/translator/listener.go
@@ -146,42 +146,11 @@ func originalIPDetectionExtensions(clientIPDetection *ir.ClientIPDetectionSettin
return extensionConfig
}
-func setAddressByIPFamily(socketAddress *corev3.SocketAddress, ipFamily *ir.IPFamily, port uint32) []*listenerv3.AdditionalAddress {
- if ipFamily == nil {
- return nil
- }
- switch *ipFamily {
- case ir.IPv4:
- socketAddress.Address = "0.0.0.0"
- case ir.IPv6:
- socketAddress.Address = "::"
- case ir.Dualstack:
- socketAddress.Address = "0.0.0.0"
- return []*listenerv3.AdditionalAddress{
- {
- Address: &corev3.Address{
- Address: &corev3.Address_SocketAddress{
- SocketAddress: &corev3.SocketAddress{
- Protocol: socketAddress.Protocol,
- Address: "::",
- PortSpecifier: &corev3.SocketAddress_PortValue{
- PortValue: port,
- },
- },
- },
- },
- },
- }
- }
- return nil
-}
-
// buildXdsTCPListener creates a xds Listener resource
// TODO: Improve function parameters
func buildXdsTCPListener(
name, address string,
port uint32,
- ipFamily *ir.IPFamily,
keepalive *ir.TCPKeepalive,
connection *ir.ClientConnection,
accesslog *ir.AccessLog,
@@ -205,13 +174,12 @@ func buildXdsTCPListener(
PortSpecifier: &corev3.SocketAddress_PortValue{
PortValue: port,
},
+ Ipv4Compat: true,
},
},
},
}
- socketAddress := listener.Address.GetSocketAddress()
- listener.AdditionalAddresses = setAddressByIPFamily(socketAddress, ipFamily, port)
return listener, nil
}
@@ -239,6 +207,7 @@ func buildXdsQuicListener(name, address string, port uint32, accesslog *ir.Acces
PortSpecifier: &corev3.SocketAddress_PortValue{
PortValue: port,
},
+ Ipv4Compat: true,
},
},
},
@@ -880,6 +849,7 @@ func buildXdsUDPListener(clusterName string, udpListener *ir.UDPListener, access
PortSpecifier: &corev3.SocketAddress_PortValue{
PortValue: udpListener.Port,
},
+ Ipv4Compat: true,
},
},
},
diff --git a/internal/xds/translator/oidc.go b/internal/xds/translator/oidc.go
index a706cae662f..c51bbd75499 100644
--- a/internal/xds/translator/oidc.go
+++ b/internal/xds/translator/oidc.go
@@ -310,8 +310,7 @@ func createOAuthServerClusters(tCtx *types.ResourceVersionTable,
// If the OIDC provider has a destination, use it.
if oidc.Provider.Destination != nil && len(oidc.Provider.Destination.Settings) > 0 {
if err := createExtServiceXDSCluster(
- oidc.Provider.Destination, oidc.Provider.Traffic, tCtx); err != nil && !errors.Is(
- err, ErrXdsClusterExists) {
+ oidc.Provider.Destination, oidc.Provider.Traffic, tCtx); err != nil {
errs = errors.Join(errs, err)
}
} else {
@@ -372,11 +371,7 @@ func createOAuth2TokenEndpointCluster(tCtx *types.ResourceVersionTable,
clusterArgs.tSocket = tSocket
}
- if err = addXdsCluster(tCtx, clusterArgs); err != nil && !errors.Is(err, ErrXdsClusterExists) {
- return err
- }
-
- return err
+ return addXdsCluster(tCtx, clusterArgs)
}
// createOAuth2Secrets creates OAuth2 client and HMAC secrets from the provided
diff --git a/internal/xds/translator/ratelimit.go b/internal/xds/translator/ratelimit.go
index 06b37bc4589..eb6a1c4a2cd 100644
--- a/internal/xds/translator/ratelimit.go
+++ b/internal/xds/translator/ratelimit.go
@@ -7,7 +7,6 @@ package translator
import (
"bytes"
- "errors"
"net/url"
"strconv"
"strings"
@@ -492,17 +491,13 @@ func (t *Translator) createRateLimitServiceCluster(tCtx *types.ResourceVersionTa
return err
}
- if err := addXdsCluster(tCtx, &xdsClusterArgs{
+ return addXdsCluster(tCtx, &xdsClusterArgs{
name: clusterName,
settings: []*ir.DestinationSetting{ds},
tSocket: tSocket,
endpointType: EndpointTypeDNS,
metrics: metrics,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
- return err
- }
-
- return nil
+ })
}
func getRouteRuleDescriptor(ruleIndex, matchIndex int) string {
diff --git a/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml b/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml
index 77ced570f46..6a5d283ee44 100644
--- a/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml
+++ b/internal/xds/translator/testdata/in/extension-xds-ir/extensionpolicy-tcp-udp-http.yaml
@@ -35,6 +35,15 @@ http:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
port: 10080
+ routes:
+ - name: "http-route"
+ hostname: "*"
+ destination:
+ name: "http-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
tcp:
- address: 0.0.0.0
extensionRefs:
@@ -66,6 +75,13 @@ tcp:
controllerName: gateway.envoyproxy.io/gatewayclass-controller
name: envoy-gateway/gateway-1/tcp1
port: 10080
+ routes:
+ - destination:
+ name: "tcp-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
udp:
- address: 0.0.0.0
route:
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml
index 405c2372d91..8a0497c3fb8 100644
--- a/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-cel.yaml
@@ -35,7 +35,7 @@ accesslog:
protocol: "GRPC"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml
index 2355c6504cf..623c3b6d594 100644
--- a/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-endpoint-stats.yaml
@@ -31,7 +31,7 @@ accesslog:
protocol: "GRPC"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml
index e4e088d349b..4ba42ea82bb 100644
--- a/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-formatters.yaml
@@ -39,7 +39,7 @@ accesslog:
protocol: "GRPC"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml
index 10768da4354..8c8161e2e33 100644
--- a/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-invalid.yaml
@@ -27,7 +27,7 @@ accesslog:
port: 4317
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml
index 95b4971cd39..d84151866f2 100644
--- a/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-multi-cel.yaml
@@ -39,7 +39,7 @@ accesslog:
protocol: "GRPC"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml
index 434f2fb524c..1492b397569 100644
--- a/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog-without-format.yaml
@@ -44,7 +44,7 @@ accesslog:
protocol: "GRPC"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml b/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml
index 3f84816fdcf..38d5e8a74be 100644
--- a/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/accesslog.yaml
@@ -53,7 +53,7 @@ accesslog:
protocol: "GRPC"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml b/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml
index 493180389ad..4cb9541775b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/backend-buffer-limit.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
@@ -21,7 +21,7 @@ http:
bufferLimit: 100000000
tcp:
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
connection:
bufferLimit: 1500
port: 10081
@@ -37,7 +37,7 @@ tcp:
bufferLimit: 100000000
udp:
- name: "udp-route"
- address: "0.0.0.0"
+ address: "::"
port: 10080
route:
name: "udp-route"
diff --git a/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml b/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml
index f4dd3bbaa99..1eb6f7b7010 100644
--- a/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/circuit-breaker.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml b/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml
index c7af759ecf9..6604d37dc47 100644
--- a/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/client-buffer-limit.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
@@ -20,7 +20,7 @@ http:
bufferLimit: 1500
tcp:
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
connection:
bufferLimit: 1500
port: 10081
diff --git a/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml b/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml
index de3236a8622..1894902a0ba 100644
--- a/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/client-ip-detection.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8081
hostnames:
- "*"
@@ -17,7 +17,7 @@ http:
xForwardedFor:
numTrustedHops: 2
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8082
hostnames:
- "*"
@@ -35,7 +35,7 @@ http:
name: "x-my-custom-header"
failClosed: false
- name: "third-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8083
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml b/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml
index 741f2d46451..6ce11179029 100644
--- a/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/client-timeout.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
@@ -22,7 +22,7 @@ http:
idleTimeout: "10s"
tcp:
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
routes:
- name: "second-route"
diff --git a/internal/xds/translator/testdata/in/xds-ir/cors.yaml b/internal/xds/translator/testdata/in/xds-ir/cors.yaml
index 0e046110a00..2d7fedf0513 100644
--- a/internal/xds/translator/testdata/in/xds-ir/cors.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/cors.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml b/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml
index 39b351eb6ec..163e3507cae 100644
--- a/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/fault-injection.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
path:
mergeSlashes: true
diff --git a/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml b/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml
index 1376be42e14..d2599bc005c 100644
--- a/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/headers-with-preserve-x-request-id.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8081
hostnames:
- "*"
@@ -16,7 +16,7 @@ http:
headers:
preserveXRequestID: true
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8082
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml b/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml
index 53b7076925c..0787ec0780a 100644
--- a/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/headers-with-underscores-action.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8081
hostnames:
- "*"
@@ -14,7 +14,7 @@ http:
- host: "1.1.1.1"
port: 8081
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8082
hostnames:
- "*"
@@ -30,7 +30,7 @@ http:
headers:
withUnderscoresAction: Allow
- name: "third-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8083
hostnames:
- "*"
@@ -46,7 +46,7 @@ http:
headers:
withUnderscoresAction: RejectRequest
- name: "fourth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 8084
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/health-check.yaml b/internal/xds/translator/testdata/in/xds-ir/health-check.yaml
index 12f62f86414..b78270a421a 100644
--- a/internal/xds/translator/testdata/in/xds-ir/health-check.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/health-check.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
path:
mergeSlashes: true
escapedSlashesAction: UnescapeAndRedirect
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml b/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml
index 6301153cd1c..84b0e2f5673 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-early-header-mutation.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
@@ -19,7 +19,7 @@ http:
- host: "1.2.3.4"
port: 50000
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml
index 12fc177bde8..076e1427e39 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-endpoint-stats.yaml
@@ -3,7 +3,7 @@ metrics:
enablePerEndpointStats: true
http:
- name: "listener-enable-endpoint-stats"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml b/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml
index a4bdd70a384..2a22775b7c0 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-health-check.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml
index 5c174e363ef..3831d1a6bd4 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-req-resp-sizes-stats.yaml
@@ -3,7 +3,7 @@ metrics:
enableRequestResponseSizesStats: true
http:
- name: "listener-enable-req-resp-sizes-stats"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml
index 9db15c7fb9d..c51cf53a389 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-direct-response.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml
index 1cb0be3ec26..12986c3ed86 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-dns-cluster.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml
index b00449b384f..5d000b85bdf 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-mirror.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml
index 3d13de381be..02724f765d7 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-multiple-mirrors.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml
index d72ec1d2c68..ad06367ef75 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-partial-invalid.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml
index 1c541a9caac..dd2a5aaeb1c 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-redirect.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml
index d9558ad99a2..cfa271c3e98 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-regex.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml
index fb45b8db724..7bd5a5013cf 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-request-headers.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml
index 3cfaf5e4945..c27f02da065 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-headers.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml
index c97d927dff6..d04cc086e90 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-add-remove-headers.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml
index f7b30b3d7d6..8ecd2bb4c74 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-response-remove-headers.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml
index f4307644514..97e92bd1f25 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-root-path-url-prefix.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml
index 97d0b5457cd..3dce5f3d6a9 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml
index 4d08acb93ee..a3c9eef83cf 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-fullpath.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml
index 525a22210b9..7e971a596c6 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-host.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml
index df4f2e9c2bf..de751b8680b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-prefix.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml
index 0389201186e..531ac4a2941 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-rewrite-url-regex.yaml
@@ -1,7 +1,7 @@
name: "http-route"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml
index 536c5ad50cb..d5cfffa0e4b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-session-persistence.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml
index 746d4922542..b3ab173f745 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-timeout.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml
index 711913d4dfd..90bf39f5ad0 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-uds-ip.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml
index 8745e9893bc..5789434790e 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend-with-filters.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
hostnames:
- '*'
path:
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml
index 2540dec625a..3a3df9cd596 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-backend.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml
index d883bac1fa1..c342dc30383 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route-weighted-invalid-backend.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http-route.yaml b/internal/xds/translator/testdata/in/xds-ir/http-route.yaml
index 0c89d5a1840..dff106a6ff1 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http-route.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http-route.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml b/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml
index f857ac8f854..1b6382fc71a 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http1-preserve-case.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
@@ -19,7 +19,7 @@ http:
- host: "1.2.3.4"
port: 50000
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml b/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml
index 51174744979..83fa599cfd0 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http1-trailers.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http10.yaml b/internal/xds/translator/testdata/in/xds-ir/http10.yaml
index 47f57a04422..fea6bafa0e5 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http10.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http10.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.com"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
index 5d271080918..1f11535ee18 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http2-route.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/http2.yaml b/internal/xds/translator/testdata/in/xds-ir/http2.yaml
index c95bc0442c0..ffa5e487a7a 100644
--- a/internal/xds/translator/testdata/in/xds-ir/http2.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/http2.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.com"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml
index 9c248772920..8d78880b81b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-empty-jsonpath.yaml
@@ -28,7 +28,7 @@ envoyPatchPolicies:
region: second-route-dest/backend/0
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml
index b4659755214..2dea53dcc3c 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-add-op-without-value.yaml
@@ -33,7 +33,7 @@ envoyPatchPolicies:
path: "/virtual_hosts/0/rate_limits"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml
index 551bdd6dda6..70ae0f10710 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-invalid-patch.yaml
@@ -28,7 +28,7 @@ envoyPatchPolicies:
transport_api_version: V3
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml
index 3f50ddf7aaf..f10bf20addc 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-missing-resource.yaml
@@ -28,7 +28,7 @@ envoyPatchPolicies:
transport_api_version: V3
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml
index d66eaa633db..dd586aec3ea 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-move-op-with-value.yaml
@@ -36,7 +36,7 @@ envoyPatchPolicies:
test: "abc"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml
index 5b677788a22..9b0d7b4937b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath-invalid.yaml
@@ -17,7 +17,7 @@ envoyPatchPolicies:
value: "50"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml
index a02cad99d67..34ca0aff98c 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch-with-jsonpath.yaml
@@ -121,7 +121,7 @@ envoyPatchPolicies:
path: "/endpoints/0/load_balancing_weight"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml b/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml
index 1aa76efdfab..04b88fca088 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jsonpatch.yaml
@@ -109,7 +109,7 @@ envoyPatchPolicies:
path: "/endpoints/0/load_balancing_weight"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml
index 8d24373fd6a..1f0ff2189ec 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jwt-custom-extractor.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml
index 88f88f5aa35..3d52645831e 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-multi-provider.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml
index 324f54d9311..1e0a31975d4 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jwt-multi-route-single-provider.yaml
@@ -3,7 +3,7 @@ accesslog:
- path: "/dev/stdout"
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml
index b43dd005257..7ab85e6928e 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jwt-optional.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml
index 008b5b9bde6..18957afe903 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jwt-ratelimit.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml b/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml
index a5b72e0ff53..4df3cf34798 100644
--- a/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/jwt-single-route-single-match.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml
index 049ec905b9a..b758db9918b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/listener-connection-limit.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.com"
@@ -18,7 +18,7 @@ http:
- host: "1.2.3.4"
port: 50000
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
hostnames:
- "foo.net"
@@ -39,31 +39,33 @@ http:
port: 50000
tcp:
- name: "third-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10082
connection:
limit:
value: 3
- tls:
- passthrough:
- snis:
- - bar.com
- destination:
- name: "tls-route-dest"
- settings:
- - endpoints:
- - host: "1.2.3.4"
- port: 50000
+ routes:
+ - tls:
+ inspector:
+ snis:
+ - bar.com
+ destination:
+ name: "tls-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
- name: "fourth-listener"
- address: "0.0.0.0"
+ address: "::"
connection:
limit:
value: 10
closeDelay: 3s
port: 10083
- destination:
- name: "tcp-route-dest"
- settings:
- - endpoints:
- - host: "1.2.3.4"
- port: 50000
+ routes:
+ - destination:
+ name: "tcp-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml
index 35f4e744093..f9f26a8103a 100644
--- a/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/listener-proxy-protocol.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.com"
@@ -32,7 +32,7 @@ http:
port: 50000
tcp:
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
enableProxyProtocol: true
routes:
diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml
index 9bdaf244912..e9da0aa245f 100644
--- a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-keepalive.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.com"
@@ -18,7 +18,7 @@ http:
- host: "1.2.3.4"
port: 50000
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
hostnames:
- "foo.net"
@@ -40,27 +40,29 @@ http:
port: 50000
tcp:
- name: "third-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10082
tcpKeepalive: {}
- tls:
- inspector:
- snis:
- - bar.com
- destination:
- name: "tls-route-dest"
- settings:
- - endpoints:
- - host: "1.2.3.4"
- port: 50000
+ routes:
+ - tls:
+ inspector:
+ snis:
+ - bar.com
+ destination:
+ name: "tls-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
- name: "fourth-listener"
- address: "0.0.0.0"
+ address: "::"
tcpKeepalive:
probes: 10
port: 10083
- destination:
- name: "tcp-route-dest"
- settings:
- - endpoints:
- - host: "1.2.3.4"
- port: 50000
+ routes:
+ - destination:
+ name: "tcp-route-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
diff --git a/internal/xds/translator/testdata/in/xds-ir/listener-tcp-without-route.yaml b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-without-route.yaml
new file mode 100644
index 00000000000..cc24bfbdf00
--- /dev/null
+++ b/internal/xds/translator/testdata/in/xds-ir/listener-tcp-without-route.yaml
@@ -0,0 +1,17 @@
+tcp:
+- address: 0.0.0.0
+ connection:
+ bufferLimit: 50000000
+ limit:
+ closeDelay: 10s
+ value: 3
+ enableProxyProtocol: true
+ name: envoy-gateway/gateway-1/tls-1
+ port: 10443
+ tcpKeepalive:
+ idleTime: 1200
+ interval: 60
+ probes: 3
+ timeout:
+ tcp:
+ idleTimeout: 20m0s
diff --git a/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml b/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml
index d2b754bf16b..17a09c845b5 100644
--- a/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/load-balancer.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml b/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml
index fb7baf05cd6..8299d0f0823 100644
--- a/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/local-ratelimit.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml b/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml
index 39f1a23dc7f..e326e5667cf 100644
--- a/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/metrics-virtual-host.yaml
@@ -3,7 +3,7 @@ metrics:
enableVirtualHostStats: true
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml b/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml
index e77e1262245..e1d7f0658fb 100644
--- a/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/mixed-tls-jwt-authn.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml b/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml
index b694ac5aab0..3aca8e48b0b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/multiple-listeners-same-port.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.com"
@@ -27,7 +27,7 @@ http:
- host: "1.2.3.4"
port: 50000
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.net"
@@ -54,7 +54,7 @@ http:
- host: "1.2.3.4"
port: 50000
- name: "third-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "example.com"
@@ -71,7 +71,7 @@ http:
- host: "1.2.3.4"
port: 50000
- name: "fourth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "example.net"
@@ -89,7 +89,7 @@ http:
port: 50000
tcp:
- name: "fifth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "fifth-route"
@@ -104,7 +104,7 @@ tcp:
- host: "1.2.3.4"
port: 50000
- name: "sixth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "sixth-route"
diff --git a/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml b/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml
index 19ad6357e9a..ba1eff21400 100644
--- a/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/multiple-simple-tcp-route-same-port.yaml
@@ -1,6 +1,6 @@
tcp:
- name: "tcp-listener-simple"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-simple"
@@ -13,7 +13,7 @@ tcp:
- host: "5.6.7.8"
port: 50001
- name: "tcp-listener-simple-1"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-simple-1"
@@ -26,7 +26,7 @@ tcp:
- host: "5.6.7.8"
port: 50001
- name: "tcp-listener-simple-2"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-simple-2"
@@ -39,7 +39,7 @@ tcp:
- host: "5.6.7.8"
port: 50001
- name: "tcp-listener-simple-3"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-simple-3"
@@ -52,7 +52,7 @@ tcp:
- host: "5.6.7.8"
port: 50001
- name: "tcp-listener-simple-4"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-simple-4"
diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml
index aac60cf7c41..b975466c27a 100644
--- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10001
hostnames:
- "*"
@@ -36,7 +36,7 @@ http:
- host: "10.0.0.1"
port: 10001
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10002
hostnames:
- "*"
@@ -73,7 +73,7 @@ http:
- host: "10.0.0.1"
port: 10002
- name: "third-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10003
hostnames:
- "*"
@@ -111,7 +111,7 @@ http:
- host: "10.0.0.1"
port: 10003
- name: "fourth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10004
hostnames:
- "*"
@@ -151,7 +151,7 @@ http:
- host: "10.0.0.1"
port: 10004
- name: "fifth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10005
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml
index 72eaea1f58e..5f50492e526 100644
--- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-forward-client-certificate.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10001
hostnames:
- "*"
@@ -36,7 +36,7 @@ http:
- host: "10.0.0.1"
port: 10001
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10002
hostnames:
- "*"
@@ -72,7 +72,7 @@ http:
- host: "10.0.0.1"
port: 10002
- name: "third-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10003
hostnames:
- "*"
@@ -108,7 +108,7 @@ http:
- host: "10.0.0.1"
port: 10003
- name: "fourth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10004
hostnames:
- "*"
@@ -144,7 +144,7 @@ http:
- host: "10.0.0.1"
port: 10004
- name: "fifth-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10005
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml
index 61f67998deb..cfe94ba32f3 100644
--- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls-required-client-certificate-disabled.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
@@ -35,7 +35,7 @@ http:
port: 50000
tcp:
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
tls:
certificates:
diff --git a/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml b/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml
index 01103c9e5ec..d4ba0f617e9 100644
--- a/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/mutual-tls.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
@@ -35,7 +35,7 @@ http:
port: 50000
tcp:
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
tls:
certificates:
diff --git a/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml b/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml
index 6fc9a045bca..993f775947a 100644
--- a/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/oidc-backend-cluster-provider.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/oidc.yaml b/internal/xds/translator/testdata/in/xds-ir/oidc.yaml
index 828da7c2fb1..c2e75b916d0 100644
--- a/internal/xds/translator/testdata/in/xds-ir/oidc.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/oidc.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml b/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml
index 1eddbaab253..e3752799fc6 100644
--- a/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/path-settings.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml b/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml
index 47df0026b9f..c1e4c9dd632 100644
--- a/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/proxy-protocol-upstream.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml
index 271d39cfdcb..663dda6eb06 100644
--- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-custom-domain.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml
index 7c48e227ecc..56028c4162c 100644
--- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-disable-headers.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml
index 32f95117283..d7e2dea2ac1 100644
--- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-endpoint-stats.yaml
@@ -2,7 +2,7 @@ metrics:
enablePerEndpointStats: true
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml
index fa9b6f31ae5..d6b6a9b3245 100644
--- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-headers-and-cidr.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml
index 495fa9b7a1f..289104b1df3 100644
--- a/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit-sourceip.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml b/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml
index 2279315caed..7af166fca4d 100644
--- a/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/ratelimit.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml
index 7483356722d..cb883565f8c 100644
--- a/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/retry-partial-invalid.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/securitypolicy-with-oidc-jwt-authz.yaml b/internal/xds/translator/testdata/in/xds-ir/securitypolicy-with-oidc-jwt-authz.yaml
new file mode 100644
index 00000000000..fffcb7fd8bd
--- /dev/null
+++ b/internal/xds/translator/testdata/in/xds-ir/securitypolicy-with-oidc-jwt-authz.yaml
@@ -0,0 +1,80 @@
+http:
+- name: "envoy-gateway/gateway-1/http"
+ address: 0.0.0.0
+ hostnames:
+ - '*'
+ isHTTP2: false
+ metadata:
+ kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ path:
+ escapedSlashesAction: UnescapeAndRedirect
+ mergeSlashes: true
+ port: 10080
+ routes:
+ - destination:
+ name: httproute/default/httproute-1/rule/0
+ settings:
+ - addressType: IP
+ endpoints:
+ - host: 7.7.7.7
+ port: 8080
+ protocol: HTTP
+ weight: 1
+ hostname: www.example.com
+ isHTTP2: false
+ metadata:
+ kind: HTTPRoute
+ name: httproute-1
+ namespace: default
+ name: httproute/default/httproute-1/rule/0/match/0/www_example_com
+ pathMatch:
+ distinct: false
+ name: ""
+ prefix: /foo
+ security:
+ authorization:
+ defaultAction: Deny
+ rules:
+ - action: Allow
+ name: allow
+ principal:
+ jwt:
+ claims:
+ - name: groups
+ valueType: StringArray
+ values:
+ - foobar
+ provider: exjwt
+ jwt:
+ providers:
+ - claimToHeaders:
+ - claim: email
+ header: x-user-email
+ extractFrom:
+ cookies:
+ - IdToken
+ issuer: https://oidc.example.com/auth/realms/example
+ name: exjwt
+ remoteJWKS:
+ uri: https://oidc.example.com/auth/realms/example/protocol/openid-connect/certs
+ oidc:
+ clientID: prometheus
+ clientSecret: '[redacted]'
+ cookieNameOverrides:
+ idToken: IdToken
+ cookieSuffix: 5f93c2e4
+ hmacSecret: '[redacted]'
+ logoutPath: /logout
+ name: securitypolicy/default/policy-for-http-route
+ provider:
+ authorizationEndpoint: https://oidc.example.com/authorize
+ tokenEndpoint: https://oidc.example.com/oauth/token
+ redirectPath: /oauth2/callback
+ redirectURL: '%REQ(x-forwarded-proto)%://%REQ(:authority)%/oauth2/callback'
+ scopes:
+ - openid
+ - email
+ - profile
diff --git a/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml b/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml
index 7309020334a..fd1408fdf2d 100644
--- a/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/simple-tls.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml b/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml
index f26d13b084e..d01294ed199 100644
--- a/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/suppress-envoy-headers.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "foo.com"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml
index 60176773c96..28ee60724bf 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tcp-endpoint-stats.yaml
@@ -3,13 +3,14 @@ metrics:
enablePerEndpointStats: true
tcp:
- name: "tcp-route-enable-endpoint-stats"
- address: "0.0.0.0"
+ address: "::"
port: 10080
- destination:
- name: "tcp-route-simple-dest"
- settings:
- - endpoints:
- - host: "1.2.3.4"
- port: 50000
- - host: "5.6.7.8"
- port: 50001
+ routes:
+ - destination:
+ name: "tcp-route-simple-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ - host: "5.6.7.8"
+ port: 50001
diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml
index 6d5d7fac73c..1b915c58433 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tcp-req-resp-sizes-stats.yaml
@@ -3,13 +3,14 @@ metrics:
enableRequestResponseSizesStats: true
tcp:
- name: "tcp-route-enable-req-resp-sizes-stats"
- address: "0.0.0.0"
+ address: "::"
port: 10080
- destination:
- name: "tcp-route-simple-dest"
- settings:
- - endpoints:
- - host: "1.2.3.4"
- port: 50000
- - host: "5.6.7.8"
- port: 50001
+ routes:
+ - destination:
+ name: "tcp-route-simple-dest"
+ settings:
+ - endpoints:
+ - host: "1.2.3.4"
+ port: 50000
+ - host: "5.6.7.8"
+ port: 50001
diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml
index 901c0f66f40..48f58cd84dc 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-complex.yaml
@@ -1,6 +1,6 @@
tcp:
- name: "tcp-listener-complex"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-complex"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml
index 427472d6832..80511b12899 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-invalid-endpoint.yaml
@@ -1,6 +1,6 @@
tcp:
- name: "tcp-listener-simple"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-simple"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml
index 58f1ec03892..ae3ab3fc127 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-simple.yaml
@@ -1,6 +1,6 @@
tcp:
- name: "tcp-listener-simple"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-simple"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml
index 2acfdc391ea..86d0101d657 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-tls-terminate.yaml
@@ -1,6 +1,6 @@
tcp:
- name: "tls-listener-terminate"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tls-route-terminate"
@@ -20,7 +20,7 @@ tcp:
- host: "5.6.7.8"
port: 50001
- name: "tls-terminate-hostname"
- address: "0.0.0.0"
+ address: "::"
port: 10080
tls:
inspector:
diff --git a/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml b/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml
index 73081048864..2e5e133bc25 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tcp-route-weighted-backend.yaml
@@ -1,6 +1,6 @@
tcp:
- name: "tcp-listener-weighted-backend"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tcp-route-weighted-backend"
diff --git a/internal/xds/translator/testdata/in/xds-ir/timeout.yaml b/internal/xds/translator/testdata/in/xds-ir/timeout.yaml
index 8abc0af3cdd..f33270a0dd5 100644
--- a/internal/xds/translator/testdata/in/xds-ir/timeout.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/timeout.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml b/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml
index 285927c9017..54da9ebef28 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tls-route-passthrough.yaml
@@ -1,6 +1,6 @@
tcp:
- name: "tls-passthrough-foo"
- address: "0.0.0.0"
+ address: "::"
port: 10080
routes:
- name: "tls-route-passthrough-foo"
@@ -17,7 +17,7 @@ tcp:
- host: "5.6.7.8"
port: 50001
- name: "tls-passthrough-bar"
- address: "0.0.0.0"
+ address: "::"
port: 10081
routes:
- name: "tls-route-passthrough-bar"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml b/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml
index afcf3322715..6e70e3afba0 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tls-with-ciphers-versions-alpn.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
path:
escapedSlashesAction: UnescapeAndRedirect
mergeSlashes: true
@@ -51,7 +51,7 @@ http:
port: 50000
tcp:
- name: "second-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10081
tls:
ciphers:
diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml
index 1ed5b3aef3c..55c83e0bd0d 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tracing-datadog.yaml
@@ -28,7 +28,7 @@ tracing:
type: Datadog
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml
index 1d8c4b7a338..c5ddea6b9ab 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tracing-endpoint-stats.yaml
@@ -33,7 +33,7 @@ tracing:
type: OpenTelemetry
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml
index d8b23c5d21e..3a9a50904f6 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tracing-invalid.yaml
@@ -22,7 +22,7 @@ tracing:
port: 4317
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml
index 02623bc0c7a..dad1fdba41b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tracing-unknown-provider-type.yaml
@@ -30,7 +30,7 @@ tracing:
type: AwesomeTelemetry
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml
index dded17dd193..52f559c907b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tracing-zipkin.yaml
@@ -34,7 +34,7 @@ tracing:
disableSharedSpanContext: true
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/tracing.yaml b/internal/xds/translator/testdata/in/xds-ir/tracing.yaml
index b5cccf6dbab..7762d44b525 100644
--- a/internal/xds/translator/testdata/in/xds-ir/tracing.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/tracing.yaml
@@ -52,7 +52,7 @@ tracing:
type: OpenTelemetry
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml
index fc597f28928..9e27ffc95aa 100644
--- a/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/udp-endpoint-stats.yaml
@@ -3,7 +3,7 @@ metrics:
enablePerEndpointStats: true
udp:
- name: "udp-route-enable-endpoint-stats"
- address: "0.0.0.0"
+ address: "::"
port: 10080
route:
name: "udp-route"
diff --git a/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml b/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml
index 1e7e0d9fb53..39f7cf99cf2 100644
--- a/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/udp-req-resp-sizes-stats.yaml
@@ -3,7 +3,7 @@ metrics:
enableRequestResponseSizesStats: true
udp:
- name: "udp-route-enable-req-resp-sizes-stats"
- address: "0.0.0.0"
+ address: "::"
port: 10080
route:
name: "udp-route"
diff --git a/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml b/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml
index a933bdd78a4..8f59089835b 100644
--- a/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/udp-route.yaml
@@ -1,6 +1,6 @@
udp:
- name: "udp-route"
- address: "0.0.0.0"
+ address: "::"
port: 10080
route:
name: "udp-route"
diff --git a/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml b/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml
index b00f5e55a3b..c66533226d8 100644
--- a/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/upstream-tcpkeepalive.yaml
@@ -1,6 +1,6 @@
http:
- name: "first-listener"
- address: "0.0.0.0"
+ address: "::"
port: 10080
hostnames:
- "*"
diff --git a/internal/xds/translator/testdata/in/xds-ir/wasm.yaml b/internal/xds/translator/testdata/in/xds-ir/wasm.yaml
index 9afa2c97c9c..756e38952fa 100644
--- a/internal/xds/translator/testdata/in/xds-ir/wasm.yaml
+++ b/internal/xds/translator/testdata/in/xds-ir/wasm.yaml
@@ -89,3 +89,6 @@ http:
sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee
name: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2
wasmName: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2
+ hostKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml
index cdbb352dd54..ed3cb77ab01 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.clusters.yaml
@@ -4,7 +4,40 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: http-route-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: http-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: tcp-route-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: tcp-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml
index 8869685de5e..9308c055cfe 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.endpoints.yaml
@@ -1,3 +1,27 @@
+- clusterName: http-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: http-route-dest/backend/0
+- clusterName: tcp-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: tcp-route-dest/backend/0
- clusterName: udp-route-dest
endpoints:
- lbEndpoints:
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
index 6901c9c7810..026cd70e650 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -30,12 +31,20 @@
statPrefix: http-10080
useRemoteAddress: true
name: envoy-gateway/gateway-1/http1
+ filterChains:
+ - filters:
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: tcp-route-dest
+ statPrefix: tcp-10080
name: envoy-gateway/gateway-1/http1
perConnectionBufferLimitBytes: 32768
statPrefix: envoy-gateway/gateway-1/http1
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10162
protocol: UDP
listenerFilters:
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml
index b03ec37faa6..bfcb22e483f 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/extensionpolicy-tcp-udp-http.routes.yaml
@@ -1,2 +1,14 @@
- ignorePortInHostMatching: true
name: envoy-gateway/gateway-1/http1
+ virtualHosts:
+ - domains:
+ - '*'
+ name: envoy-gateway/gateway-1/http1/*
+ routes:
+ - match:
+ prefix: /
+ name: http-route
+ route:
+ cluster: http-route-dest
+ upgradeConfigs:
+ - upgradeType: websocket
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml
index f986750be1b..dbfd7c8e2b2 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
index e6777ebece3..507aaab00f5 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route-extension-filter.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml
index f986750be1b..dbfd7c8e2b2 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
index c3fb113017a..9c25f196445 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/http-route.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
index 7837e1509fc..5b2e1a6719a 100644
--- a/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
+++ b/internal/xds/translator/testdata/out/extension-xds-ir/listener-policy.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10081
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
index 9696a28a86c..85a1bf46bac 100755
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-als-tcp.clusters.yaml
@@ -5,7 +5,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 15s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
index 22d5e08aca3..7faf19f8bb4 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
index d9795d2be43..1bb613cbfcd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-cel.listeners.yaml
@@ -82,7 +82,8 @@
stringValue: cluster1
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
index 7709f2c4e9c..dae7cbc0d4a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -24,7 +23,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
index 6a7ebeda5c3..78d5f7abe9f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-endpoint-stats.listeners.yaml
@@ -61,7 +61,8 @@
stringValue: cluster1
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
index 22d5e08aca3..7faf19f8bb4 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
index cb6e3ef7759..2532b596f44 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-formatters.listeners.yaml
@@ -105,7 +105,8 @@
stringValue: cluster1
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
index 22d5e08aca3..7faf19f8bb4 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
index 3677e6bec6b..713a4137c31 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-multi-cel.listeners.yaml
@@ -97,7 +97,8 @@
stringValue: cluster1
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml
index 5e41cf09397..98d56781cb2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -47,7 +45,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -72,7 +69,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -97,7 +93,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -122,7 +117,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -147,7 +141,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -172,7 +165,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -206,7 +198,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -240,7 +231,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml
index dbb30726378..8bdbfafa21e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-types.listeners.yaml
@@ -142,6 +142,7 @@
address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
index dbf145e7d6d..967893fbd41 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -47,7 +45,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
index 9df135e671c..27da99342c3 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog-without-format.listeners.yaml
@@ -80,7 +80,8 @@
stringValue: cluster1
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
index dbf145e7d6d..967893fbd41 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -47,7 +45,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
index 0ef9cdc5fab..c43406cbaea 100644
--- a/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/accesslog.listeners.yaml
@@ -80,7 +80,8 @@
stringValue: cluster1
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml
index 0002897cb8d..815e3e469ea 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml
index 907d28f78b7..1a6a6c94ebf 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-client-cidr.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml
index f5211bc9922..3e81abb2f4e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -76,7 +73,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml
index f34bcbe362f..c3144002dc5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-claim.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml
index f5211bc9922..3e81abb2f4e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -76,7 +73,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml
index f34bcbe362f..c3144002dc5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-jwt-scope.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml
index 1c72d4f070f..a5da3995b99 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml
index 907d28f78b7..1a6a6c94ebf 100644
--- a/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/authorization-multiple-principals.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml
index e36a7f976be..ae291870e19 100644
--- a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
index 1fadbe977d8..39d16f0162e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/backend-buffer-limit.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -34,7 +35,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filters:
@@ -48,7 +50,8 @@
perConnectionBufferLimitBytes: 1500
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
protocol: UDP
listenerFilters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml
index 4088295c2de..64ef05a8795 100644
--- a/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/backend-priority.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml
index 55e2fde715b..fec7e1ade2f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/backend-priority.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml
index 1c7cbaf45e0..e170f954954 100644
--- a/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/basic-auth.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
index a7accc0ef6c..3f5b5976eb0 100644
--- a/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/basic-auth.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml
index 93e5ebb91b6..a39d931e4d8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.clusters.yaml
@@ -7,7 +7,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/circuit-breaker.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml
index 045afb39e71..53d0ae1b88c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
index 96f06388ed3..91c886e41b1 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-buffer-limit.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -34,7 +35,8 @@
perConnectionBufferLimitBytes: 1500
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml
index b7a2badfead..f36c0f1c777 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
index 885e958a3e6..76e8d8b7cf5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-ip-detection.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8081
defaultFilterChain:
filters:
@@ -33,7 +34,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8082
defaultFilterChain:
filters:
@@ -71,7 +73,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8083
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml
index 820f85f625b..b3601621bf2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-timeout.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
index 03fe43687b2..0becefcb07b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/client-timeout.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -36,7 +37,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/cors.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
index 03c1932b68e..d4b97c1941b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/cors.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml
index 0e10ab58f0c..7b61aaf5f37 100644
--- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -40,7 +39,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
index 0a50c1bb280..7a61b6197b2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/custom-filter-order.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml
index 1c72d4f070f..a5da3995b99 100644
--- a/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/custom-response.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml
index 19c56586960..29be8f0b25c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/custom-response.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml
index 18846488a59..db4efa180a8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -92,7 +88,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml
index 0ccea8c2bcb..4f7cd0b8af7 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-backend.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml
index 18846488a59..db4efa180a8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -92,7 +88,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml
index e2054562760..71ebe76cb1e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth-recomputation.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
index ba70eb86e94..4b9e2de2200 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -83,7 +79,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
index 84b95081c80..167e96f53e0 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-auth.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml
index 3bac84394be..d885aaddd66 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -41,7 +39,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 15s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml
index 55e2fde715b..fec7e1ade2f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc-with-traffic-settings.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
index ede262a5694..6fcc3830e4f 100755
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -65,7 +62,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -90,7 +86,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -115,7 +110,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
index acf4c0a40f6..1f010cbb726 100755
--- a/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ext-proc.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml
index ff3aedce52a..77dc55a8476 100644
--- a/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/fault-injection.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
index 5053c959bfc..6c1a233f5b2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/fault-injection.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml
index 820f85f625b..b3601621bf2 100755
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
index 5041136d090..f9ce7d84e7c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-preserve-x-request-id.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8081
defaultFilterChain:
filters:
@@ -33,7 +34,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8082
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml
index 0a3d6ba340e..754b5ae5d02 100755
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
index f9b4ee27bf6..f89d388819d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/headers-with-underscores-action.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8081
defaultFilterChain:
filters:
@@ -32,7 +33,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8082
defaultFilterChain:
filters:
@@ -63,7 +65,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8083
defaultFilterChain:
filters:
@@ -95,7 +98,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 8084
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml
index 09b9396270a..1d42d3495d8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/health-check.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -43,7 +42,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -80,7 +78,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -114,7 +111,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -149,7 +145,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/health-check.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml
index 35b68d18b32..1774ac35006 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -32,7 +31,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml
index 4a3daf7b5eb..93320e1347b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-early-header-mutation.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -40,7 +41,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml
index f1b16b07b54..8256f58d447 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
index cc61653cdf6..6c2ec38ab4f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-endpoint-stats.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-health-check.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
index 13b18487b29..858a6a99df5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-health-check.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
index 4f007ff7c47..73c0f3ee8b8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
index 09426a31773..cc24216073a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-preserve-client-protocol.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml
index 9b420408aaa..d552d11a437 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml
index 2d688753f05..cefa3f8fcfd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-req-resp-sizes-stats.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml
index 3e4300de532..90ea1e3123d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-direct-response.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml
index 876e1084c87..d6f92da0027 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-dns-cluster.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml
index 0bd72d2b460..7b147f2cc9e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-mirror.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml
index d76408ee96f..7dee2fae954 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -94,7 +89,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -112,7 +106,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
index c3fb113017a..9c25f196445 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-matches.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml
index 7be6b0f7ade..af01a8494ca 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-multiple-mirrors.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml
index 565c93fd5ff..3847b55b7e3 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-partial-invalid.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml
index c8dc8147580..2e8d489ec0a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-redirect.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml
index de1e5ced9a4..c3beb47b89f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-regex.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml
index 1e0be1f0405..db56b6185c5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-request-headers.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml
index f3b7838ceee..7b45637ccff 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-headers.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml
index f3b7838ceee..7b45637ccff 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-add-remove-headers.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml
index f3b7838ceee..7b45637ccff 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-response-remove-headers.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml
index 3041d18c4eb..48272f1f225 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-root-path-url-prefix.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml
index 3041d18c4eb..48272f1f225 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-sufixx-with-slash-url-prefix.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml
index 8290c2d1837..03f27845ffe 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-fullpath.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml
index 3041d18c4eb..48272f1f225 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-host.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml
index 3041d18c4eb..48272f1f225 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-prefix.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml
index 8290c2d1837..03f27845ffe 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-rewrite-url-regex.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml
index de1e5ced9a4..c3beb47b89f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml
index 3c8062f0a29..a857be906cd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-session-persistence.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml
index b7a2badfead..f36c0f1c777 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-timeout.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-uds-ip.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml
index 820f85f625b..b3601621bf2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend-with-filters.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-backend.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-weighted-invalid-backend.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml
index a9be418a101..390c26b1ab8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
index 657d2b42a82..725b879b355 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-clientcert.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml
index 820f85f625b..b3601621bf2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
index c3fb113017a..9c25f196445 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-metadata.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml
index fccf18807c5..49c8eebc00e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
index 657d2b42a82..725b879b355 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tls-system-truststore.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml
index 51702c7c79b..df5e85c34f2 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -63,7 +62,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
index 5a43997887d..09c1f7373da 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle-multiple-certs.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -35,6 +36,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10081
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml
index 73cb7f276b2..2744cfc19d8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
index 657d2b42a82..725b879b355 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route-with-tlsbundle.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http-route.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml
index ee7ebf5a19f..4cfa7db1e7e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -32,7 +31,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
index 87cd9f2a9d7..7d466743074 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-preserve-case.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -40,7 +41,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml
index 7fb571dc42f..1b3c2957d3f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
index 7efdb2940f8..952475f29ec 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http1-trailers.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml
index de12099b7de..62a8d033f04 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http10.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
index 7935c97f7f4..39cef2f193b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http10.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
index 0a2796cd6ac..2c58afdaac7 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -31,7 +30,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -56,7 +54,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -84,7 +81,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
index fc499431884..ba98a10f789 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2-route.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml
index 9ada55d6523..ff1dac67640 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
index 25230ccd9b5..d150efd0384 100755
--- a/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http2.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml
index 1c72d4f070f..a5da3995b99 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http3.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
index 49a651da85e..98b2a58f8ef 100644
--- a/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/http3.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10443
protocol: UDP
drainType: MODIFY_ONLY
@@ -56,6 +57,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10443
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-missing-resource.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml
index f9a046becf5..f1725d0f618 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml
index fb7bceafa22..1825eb14ab6 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-with-jsonpath.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml
index 745719faa2b..009411dcdf4 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
index fb7bceafa22..1825eb14ab6 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jsonpatch.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml
index 8f5d81ea045..95dbaeaeb9d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
index 9172af8519b..25c76bcef2f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-custom-extractor.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml
index 308f92773e8..4af517cab1d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -67,7 +64,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
index bbfa00a53ea..0ac893c74ea 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-multi-provider.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml
index 8555780dab4..081ef33d842 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
index a48a09b2dd7..82dbfaae02c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-multi-route-single-provider.listeners.yaml
@@ -13,7 +13,8 @@
path: /dev/stdout
address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml
index 8f5d81ea045..95dbaeaeb9d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
index 51d778b9cea..393caa96eb5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-optional.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
index a5f1527ade9..6701b170b27 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -85,7 +81,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
index ead8b20d402..15f08c52173 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-ratelimit.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml
index 8f5d81ea045..95dbaeaeb9d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
index c839763d975..1eb896e1a7d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/jwt-single-route-single-match.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml
index 820f85f625b..2f38dd9d3aa 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -34,3 +32,37 @@
outlierDetection: {}
perConnectionBufferLimitBytes: 32768
type: EDS
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: tls-route-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: tls-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: tcp-route-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: tcp-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml
index de95bf555b9..5b4fe89e58c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.endpoints.yaml
@@ -22,3 +22,27 @@
loadBalancingWeight: 1
locality:
region: second-route-dest/backend/0
+- clusterName: tls-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: tls-route-dest/backend/0
+- clusterName: tcp-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: tcp-route-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
index 49a4bf7dc21..7286927497c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-connection-limit.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -34,7 +35,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
defaultFilterChain:
filters:
@@ -73,13 +75,47 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10082
+ filterChains:
+ - filterChainMatch:
+ serverNames:
+ - bar.com
+ filters:
+ - name: envoy.filters.network.connection_limit
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit
+ maxConnections: "3"
+ statPrefix: tls-passthrough-10082
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: tls-route-dest
+ statPrefix: tls-passthrough-10082
+ listenerFilters:
+ - name: envoy.filters.listener.tls_inspector
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
name: third-listener
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10083
+ filterChains:
+ - filters:
+ - name: envoy.filters.network.connection_limit
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit
+ delay: 3s
+ maxConnections: "10"
+ statPrefix: tcp-10083
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: tcp-route-dest
+ statPrefix: tcp-10083
name: fourth-listener
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml
index c21b71ce6c5..6cae3947b35 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
index 210069d7019..016786b37f5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-proxy-protocol.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filterChainMatch:
@@ -63,7 +64,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml
index 820f85f625b..2f38dd9d3aa 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -34,3 +32,37 @@
outlierDetection: {}
perConnectionBufferLimitBytes: 32768
type: EDS
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: tls-route-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: tls-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: tcp-route-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: tcp-route-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml
index de95bf555b9..5b4fe89e58c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.endpoints.yaml
@@ -22,3 +22,27 @@
loadBalancingWeight: 1
locality:
region: second-route-dest/backend/0
+- clusterName: tls-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: tls-route-dest/backend/0
+- clusterName: tcp-route-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: tcp-route-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
index 11f91b65a34..8b7b4013e4f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-keepalive.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -39,7 +40,8 @@
name: "9"
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
defaultFilterChain:
filters:
@@ -90,8 +92,23 @@
name: "5"
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10082
+ filterChains:
+ - filterChainMatch:
+ serverNames:
+ - bar.com
+ filters:
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: tls-route-dest
+ statPrefix: tls-passthrough-10082
+ listenerFilters:
+ - name: envoy.filters.listener.tls_inspector
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector
name: third-listener
perConnectionBufferLimitBytes: 32768
socketOptions:
@@ -101,8 +118,16 @@
name: "9"
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10083
+ filterChains:
+ - filters:
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: tcp-route-dest
+ statPrefix: tcp-10083
name: fourth-listener
perConnectionBufferLimitBytes: 32768
socketOptions:
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.clusters.yaml
new file mode 100644
index 00000000000..0764d46f0ed
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.clusters.yaml
@@ -0,0 +1,2 @@
+- name: EmptyCluster
+ type: STATIC
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.endpoints.yaml
new file mode 100644
index 00000000000..fe51488c706
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.endpoints.yaml
@@ -0,0 +1 @@
+[]
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml
new file mode 100644
index 00000000000..93a9663d159
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.listeners.yaml
@@ -0,0 +1,43 @@
+- address:
+ socketAddress:
+ address: 0.0.0.0
+ ipv4Compat: true
+ portValue: 10443
+ filterChains:
+ - filters:
+ - name: envoy.filters.network.connection_limit
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.connection_limit.v3.ConnectionLimit
+ delay: 10s
+ maxConnections: "3"
+ statPrefix: tcp-10443
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: EmptyCluster
+ idleTimeout: 1200s
+ statPrefix: tcp-10443
+ name: EmptyCluster
+ listenerFilters:
+ - name: envoy.filters.listener.proxy_protocol
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.listener.proxy_protocol.v3.ProxyProtocol
+ name: envoy-gateway/gateway-1/tls-1
+ perConnectionBufferLimitBytes: 50000000
+ socketOptions:
+ - description: socket option to enable tcp keep alive
+ intValue: "1"
+ level: "1"
+ name: "9"
+ - description: socket option for keep alive probes
+ intValue: "3"
+ level: "6"
+ name: "6"
+ - description: socket option for keep alive idle time
+ intValue: "1200"
+ level: "6"
+ name: "4"
+ - description: socket option for keep alive interval
+ intValue: "60"
+ level: "6"
+ name: "5"
diff --git a/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.routes.yaml
new file mode 100644
index 00000000000..fe51488c706
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/listener-tcp-without-route.routes.yaml
@@ -0,0 +1 @@
+[]
diff --git a/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml
index 0c2202ce28f..5067244aeba 100644
--- a/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/load-balancer.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -21,7 +20,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -39,7 +37,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -57,7 +54,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -75,7 +71,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -96,7 +91,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -116,7 +110,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -134,7 +127,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -154,7 +146,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -172,7 +163,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/load-balancer.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml
index b7a2badfead..f36c0f1c777 100644
--- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
index 1f27366aa32..d23d6e5323a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/local-ratelimit.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/metrics-virtual-host.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
index 1426aeaa71f..565ad98228f 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mixed-tls-jwt-authn.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml
index c3b0666ab24..21ebdea126b 100755
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
index 39bfe9f587b..44ffd11e130 100755
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port-with-different-filters.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
protocol: UDP
defaultFilterChain:
@@ -66,6 +67,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml
index bd6b6e1ae2e..8d9e43d36cf 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -94,7 +89,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
index 86002534182..bfed5797031 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-listeners-same-port.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml
index 19e6869eb5e..b98d486efea 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
index 2df07dabd56..cf89025ba17 100644
--- a/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/multiple-simple-tcp-route-same-port.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml
index ff3aedce52a..77dc55a8476 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
index 7d177b2e092..8cc49659b0a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate-with-custom-data.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10001
filterChains:
- filters:
@@ -59,7 +60,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10002
filterChains:
- filters:
@@ -119,7 +121,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10003
filterChains:
- filters:
@@ -181,7 +184,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10004
filterChains:
- filters:
@@ -245,7 +249,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10005
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml
index ff3aedce52a..77dc55a8476 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
index 33262561948..5404e9c4612 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-forward-client-certificate.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10001
filterChains:
- filters:
@@ -59,7 +60,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10002
filterChains:
- filters:
@@ -119,7 +121,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10003
filterChains:
- filters:
@@ -179,7 +182,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10004
filterChains:
- filters:
@@ -239,7 +243,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10005
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml
index 16f6727a1a1..8d317defa13 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
index bae66f2ff21..ff623ed0918 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls-required-client-certificate-disabled.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
@@ -59,7 +60,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml
index 16f6727a1a1..8d317defa13 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
index cdb0e351dec..5322382f349 100644
--- a/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/mutual-tls.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
@@ -59,7 +60,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml
index e467e24db53..ca2d3f5e3fb 100644
--- a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml
index 3addb294484..995d70e1811 100644
--- a/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/oidc-backend-cluster-provider.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml
index f196a3fdd9a..52523fffbb8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/oidc.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
@@ -76,7 +73,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
index 37178ddfe5f..f02d5214210 100644
--- a/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/path-settings.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
index c8eda3875ed..11e2a389c0d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/path-settings.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml
index 47b4007397e..c5555faa87a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/proxy-protocol-upstream.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
index 182245f1986..dc5c30ab312 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
index a80f448f017..2f68d5d848d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-custom-domain.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
index d2577b68f8b..b74141720fa 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
index 973d90913b4..821bf6ee840 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-disable-headers.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
index 4e607e59dbb..4eab9980691 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -24,7 +23,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -44,7 +42,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -64,7 +61,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
index a80f448f017..2f68d5d848d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-endpoint-stats.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml
index d2577b68f8b..b74141720fa 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml
index a80f448f017..2f68d5d848d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-headers-and-cidr.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
index 8aff78e3195..a2926d67edd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
index a80f448f017..2f68d5d848d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit-sourceip.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
index 8aff78e3195..a2926d67edd 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -40,7 +38,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -58,7 +55,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -76,7 +72,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
index a80f448f017..2f68d5d848d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/ratelimit.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/retry-partial-invalid.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml
new file mode 100644
index 00000000000..f4f58fe1cc9
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.clusters.yaml
@@ -0,0 +1,52 @@
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: httproute/default/httproute-1/rule/0
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: httproute/default/httproute-1/rule/0
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ type: EDS
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ dnsRefreshRate: 30s
+ lbPolicy: LEAST_REQUEST
+ loadAssignment:
+ clusterName: oidc_example_com_443
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: oidc.example.com
+ portValue: 443
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: oidc_example_com_443/backend/0
+ name: oidc_example_com_443
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ respectDnsTtl: true
+ transportSocket:
+ name: envoy.transport_sockets.tls
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+ commonTlsContext:
+ validationContext:
+ trustedCa:
+ filename: /etc/ssl/certs/ca-certificates.crt
+ sni: oidc.example.com
+ type: STRICT_DNS
diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.endpoints.yaml
new file mode 100644
index 00000000000..29bb6b4e444
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.endpoints.yaml
@@ -0,0 +1,12 @@
+- clusterName: httproute/default/httproute-1/rule/0
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 7.7.7.7
+ portValue: 8080
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: httproute/default/httproute-1/rule/0/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml
new file mode 100644
index 00000000000..d8e6bbf9091
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.listeners.yaml
@@ -0,0 +1,108 @@
+- address:
+ socketAddress:
+ address: 0.0.0.0
+ ipv4Compat: true
+ portValue: 10080
+ defaultFilterChain:
+ filters:
+ - name: envoy.filters.network.http_connection_manager
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+ commonHttpProtocolOptions:
+ headersWithUnderscoresAction: REJECT_REQUEST
+ http2ProtocolOptions:
+ initialConnectionWindowSize: 1048576
+ initialStreamWindowSize: 65536
+ maxConcurrentStreams: 100
+ httpFilters:
+ - disabled: true
+ name: envoy.filters.http.oauth2/securitypolicy/default/policy-for-http-route
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2
+ config:
+ authScopes:
+ - openid
+ - email
+ - profile
+ authType: BASIC_AUTH
+ authorizationEndpoint: https://oidc.example.com/authorize
+ credentials:
+ clientId: prometheus
+ cookieNames:
+ bearerToken: AccessToken-5f93c2e4
+ idToken: IdToken
+ oauthExpires: OauthExpires-5f93c2e4
+ oauthHmac: OauthHMAC-5f93c2e4
+ oauthNonce: OauthNonce-5f93c2e4
+ refreshToken: RefreshToken-5f93c2e4
+ hmacSecret:
+ name: oauth2/hmac_secret/securitypolicy/default/policy-for-http-route
+ sdsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ tokenSecret:
+ name: oauth2/client_secret/securitypolicy/default/policy-for-http-route
+ sdsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ preserveAuthorizationHeader: true
+ redirectPathMatcher:
+ path:
+ exact: /oauth2/callback
+ redirectUri: '%REQ(x-forwarded-proto)%://%REQ(:authority)%/oauth2/callback'
+ signoutPath:
+ path:
+ exact: /logout
+ tokenEndpoint:
+ cluster: oidc_example_com_443
+ timeout: 10s
+ uri: https://oidc.example.com/oauth/token
+ useRefreshToken: false
+ - name: envoy.filters.http.jwt_authn
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.JwtAuthentication
+ providers:
+ httproute/default/httproute-1/rule/0/match/0/www_example_com/exjwt:
+ claimToHeaders:
+ - claimName: email
+ headerName: x-user-email
+ forward: true
+ fromCookies:
+ - IdToken
+ issuer: https://oidc.example.com/auth/realms/example
+ normalizePayloadInMetadata:
+ spaceDelimitedClaims:
+ - scope
+ payloadInMetadata: exjwt
+ remoteJwks:
+ asyncFetch: {}
+ cacheDuration: 300s
+ httpUri:
+ cluster: oidc_example_com_443
+ timeout: 10s
+ uri: https://oidc.example.com/auth/realms/example/protocol/openid-connect/certs
+ retryPolicy: {}
+ requirementMap:
+ httproute/default/httproute-1/rule/0/match/0/www_example_com:
+ providerName: httproute/default/httproute-1/rule/0/match/0/www_example_com/exjwt
+ - name: envoy.filters.http.rbac
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC
+ - name: envoy.filters.http.router
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ suppressEnvoyHeaders: true
+ mergeSlashes: true
+ normalizePath: true
+ pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT
+ rds:
+ configSource:
+ ads: {}
+ resourceApiVersion: V3
+ routeConfigName: envoy-gateway/gateway-1/http
+ serverHeaderTransformation: PASS_THROUGH
+ statPrefix: http-10080
+ useRemoteAddress: true
+ name: envoy-gateway/gateway-1/http
+ name: envoy-gateway/gateway-1/http
+ perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.routes.yaml
new file mode 100644
index 00000000000..9c66aad8e61
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.routes.yaml
@@ -0,0 +1,74 @@
+- ignorePortInHostMatching: true
+ name: envoy-gateway/gateway-1/http
+ virtualHosts:
+ - domains:
+ - www.example.com
+ metadata:
+ filterMetadata:
+ envoy-gateway:
+ resources:
+ - kind: Gateway
+ name: gateway-1
+ namespace: envoy-gateway
+ sectionName: http
+ name: envoy-gateway/gateway-1/http/www_example_com
+ routes:
+ - match:
+ pathSeparatedPrefix: /foo
+ metadata:
+ filterMetadata:
+ envoy-gateway:
+ resources:
+ - kind: HTTPRoute
+ name: httproute-1
+ namespace: default
+ name: httproute/default/httproute-1/rule/0/match/0/www_example_com
+ route:
+ cluster: httproute/default/httproute-1/rule/0
+ upgradeConfigs:
+ - upgradeType: websocket
+ typedPerFilterConfig:
+ envoy.filters.http.jwt_authn:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.jwt_authn.v3.PerRouteConfig
+ requirementName: httproute/default/httproute-1/rule/0/match/0/www_example_com
+ envoy.filters.http.oauth2/securitypolicy/default/policy-for-http-route:
+ '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig
+ config: {}
+ envoy.filters.http.rbac:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute
+ rbac:
+ matcher:
+ matcherList:
+ matchers:
+ - onMatch:
+ action:
+ name: allow
+ typedConfig:
+ '@type': type.googleapis.com/envoy.config.rbac.v3.Action
+ name: ALLOW
+ predicate:
+ singlePredicate:
+ customMatch:
+ name: claim_matcher
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.matching.input_matchers.metadata.v3.Metadata
+ value:
+ listMatch:
+ oneOf:
+ stringMatch:
+ exact: foobar
+ input:
+ name: claim
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.DynamicMetadataInput
+ filter: envoy.filters.http.jwt_authn
+ path:
+ - key: exjwt
+ - key: groups
+ onNoMatch:
+ action:
+ name: default
+ typedConfig:
+ '@type': type.googleapis.com/envoy.config.rbac.v3.Action
+ action: DENY
+ name: DENY
diff --git a/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.secrets.yaml b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.secrets.yaml
new file mode 100644
index 00000000000..8e76f23ccd3
--- /dev/null
+++ b/internal/xds/translator/testdata/out/xds-ir/securitypolicy-with-oidc-jwt-authz.secrets.yaml
@@ -0,0 +1,8 @@
+- genericSecret:
+ secret:
+ inlineBytes: W3JlZGFjdGVkXQ==
+ name: oauth2/client_secret/securitypolicy/default/policy-for-http-route
+- genericSecret:
+ secret:
+ inlineBytes: W3JlZGFjdGVkXQ==
+ name: oauth2/hmac_secret/securitypolicy/default/policy-for-http-route
diff --git a/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/simple-tls.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
index 3d65ed1a895..9f852cd8701 100644
--- a/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/simple-tls.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml
index 9ada55d6523..ff1dac67640 100644
--- a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
index 4c624b8788f..2488a8f083c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/suppress-envoy-headers.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filterChainMatch:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml
index fe51488c706..d5e5aeaf991 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.clusters.yaml
@@ -1 +1,19 @@
-[]
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: tcp-route-simple-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: tcp-route-simple-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ trackClusterStats:
+ perEndpointStats: true
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml
index fe51488c706..7eb06a08f40 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.endpoints.yaml
@@ -1 +1,18 @@
-[]
+- clusterName: tcp-route-simple-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ - endpoint:
+ address:
+ socketAddress:
+ address: 5.6.7.8
+ portValue: 50001
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: tcp-route-simple-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml
index 2e300bdfaad..12011f9ae49 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-endpoint-stats.listeners.yaml
@@ -1,6 +1,14 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
+ filterChains:
+ - filters:
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: tcp-route-simple-dest
+ statPrefix: tcp-10080
name: tcp-route-enable-endpoint-stats
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml
index 1daefb357c5..394a72179b0 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml
index 0615ffcff8a..33d35dcfdbc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-listener-ipfamily.listeners.yaml
@@ -1,11 +1,7 @@
-- additionalAddresses:
- - address:
- socketAddress:
- address: '::'
- portValue: 8082
- address:
+- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 8082
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml
index fe51488c706..8fd985878cc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.clusters.yaml
@@ -1 +1,19 @@
-[]
+- circuitBreakers:
+ thresholds:
+ - maxRetries: 1024
+ commonLbConfig:
+ localityWeightedLbConfig: {}
+ connectTimeout: 10s
+ edsClusterConfig:
+ edsConfig:
+ ads: {}
+ resourceApiVersion: V3
+ serviceName: tcp-route-simple-dest
+ ignoreHealthOnHostRemoval: true
+ lbPolicy: LEAST_REQUEST
+ name: tcp-route-simple-dest
+ outlierDetection: {}
+ perConnectionBufferLimitBytes: 32768
+ trackClusterStats:
+ requestResponseSizes: true
+ type: EDS
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml
index fe51488c706..7eb06a08f40 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.endpoints.yaml
@@ -1 +1,18 @@
-[]
+- clusterName: tcp-route-simple-dest
+ endpoints:
+ - lbEndpoints:
+ - endpoint:
+ address:
+ socketAddress:
+ address: 1.2.3.4
+ portValue: 50000
+ loadBalancingWeight: 1
+ - endpoint:
+ address:
+ socketAddress:
+ address: 5.6.7.8
+ portValue: 50001
+ loadBalancingWeight: 1
+ loadBalancingWeight: 1
+ locality:
+ region: tcp-route-simple-dest/backend/0
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml
index 994341e55ec..c70b6728097 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-req-resp-sizes-stats.listeners.yaml
@@ -1,6 +1,14 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
+ filterChains:
+ - filters:
+ - name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: tcp-route-simple-dest
+ statPrefix: tcp-10080
name: tcp-route-enable-req-resp-sizes-stats
perConnectionBufferLimitBytes: 32768
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml
index c6291c77dd5..7c294e2efa3 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
index 336e84c9eab..5023b077b09 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-complex.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filterChainMatch:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml
index aa8f0b0902b..2653bb96c8d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
index 4dc8055463a..72f40213b1b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-simple.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml
index dbd196ef664..122e0dad7dc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
index b3f30d194ed..4423eb58f5b 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-tls-terminate.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml
index 2219185b250..da821625c09 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
index 7c84083a0ba..4ec20d0cc11 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tcp-route-weighted-backend.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filterChainMatch:
diff --git a/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml
index 4c2749a767a..109e9d1392c 100644
--- a/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/timeout.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 31s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/timeout.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml
index c2659deb6c9..4cfa1289322 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
index d5d32d6ee55..dab6fe543f3 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-route-passthrough.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filterChainMatch:
@@ -21,7 +22,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filterChainMatch:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml
index 16f6727a1a1..8d317defa13 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
index 7eee7e167c0..64028f1420d 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tls-with-ciphers-versions-alpn.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
filterChains:
- filterChainMatch:
@@ -79,7 +80,8 @@
perConnectionBufferLimitBytes: 32768
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10081
filterChains:
- filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml
index 7597e1328d9..12088c45682 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml
index 07a3d581575..7f41a9bed98 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-datadog.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
index 7ea8aa936c4..304574452d2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -24,7 +23,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
index a98dfd0d9d4..e19a79d30dc 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-endpoint-stats.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml
index f1a975a6e6a..d1459afe991 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
index 6efe38a6b12..e5532223241 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing-zipkin.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
index 975086f5fff..f211422edc5 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -23,7 +22,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 15s
- dnsLookupFamily: V4_ONLY
dnsRefreshRate: 30s
lbPolicy: LEAST_REQUEST
loadAssignment:
diff --git a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
index 599eb3b58af..5832f199bc9 100644
--- a/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/tracing.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml
index dd47af97cdd..6090f4f8ec2 100644
--- a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml
index 8d9eaea1141..09c7681d79e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/udp-endpoint-stats.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
protocol: UDP
listenerFilters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml
index 7ce45648946..2f1ed3604e8 100644
--- a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml
index 6bf13465916..cc92fbd6ed6 100644
--- a/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/udp-req-resp-sizes-stats.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
protocol: UDP
listenerFilters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml
index e153c882fd6..14df838b6e6 100644
--- a/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/udp-route.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml
index 317a7ddc4dd..71f29a0035a 100644
--- a/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/udp-route.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
protocol: UDP
listenerFilters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml
index eca236db657..5d663e5665e 100644
--- a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
index c3fb113017a..a9b9065d238 100644
--- a/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/upstream-tcpkeepalive.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
- address: 0.0.0.0
+ address: '::'
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml
index 408fc9c218e..8e3ac051015 100755
--- a/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/wasm.clusters.yaml
@@ -4,7 +4,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
@@ -22,7 +21,6 @@
commonLbConfig:
localityWeightedLbConfig: {}
connectTimeout: 10s
- dnsLookupFamily: V4_ONLY
edsClusterConfig:
edsConfig:
ads: {}
diff --git a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
index a4545e62e2c..bbb4b7109a8 100755
--- a/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
+++ b/internal/xds/translator/testdata/out/xds-ir/wasm.listeners.yaml
@@ -1,6 +1,7 @@
- address:
socketAddress:
address: 0.0.0.0
+ ipv4Compat: true
portValue: 10080
defaultFilterChain:
filters:
@@ -90,6 +91,10 @@
timeout: 10s
uri: https://envoy-gateway:18002/42d30b4a4cc631415e6e48c02d244700da327201eb273f752cacf745715b31d9.wasm
sha256: 2a19e4f337e5223d7287e7fccd933fb01905deaff804292e5257f8c681b82bee
+ environmentVariables:
+ hostEnvKeys:
+ - SOME_KEY
+ - ANOTHER_KEY
runtime: envoy.wasm.runtime.v8
vmId: envoyextensionpolicy/envoy-gateway/policy-for-gateway/wasm/2
- name: envoy.filters.http.router
diff --git a/internal/xds/translator/tracing.go b/internal/xds/translator/tracing.go
index 3e817bad1bf..ee3f4f5e907 100644
--- a/internal/xds/translator/tracing.go
+++ b/internal/xds/translator/tracing.go
@@ -6,7 +6,6 @@
package translator
import (
- "errors"
"fmt"
"sort"
@@ -176,7 +175,7 @@ func processClusterForTracing(tCtx *types.ResourceVersionTable, tracing *ir.Trac
if traffic == nil {
traffic = &ir.TrafficFeatures{}
}
- if err := addXdsCluster(tCtx, &xdsClusterArgs{
+ return addXdsCluster(tCtx, &xdsClusterArgs{
name: tracing.Destination.Name,
settings: tracing.Destination.Settings,
tSocket: nil,
@@ -191,8 +190,5 @@ func processClusterForTracing(tCtx *types.ResourceVersionTable, tracing *ir.Trac
backendConnection: traffic.BackendConnection,
dns: traffic.DNS,
http2Settings: traffic.HTTP2,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
- return err
- }
- return nil
+ })
}
diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go
index 27c0d3c5a04..a76382dd569 100644
--- a/internal/xds/translator/translator.go
+++ b/internal/xds/translator/translator.go
@@ -34,13 +34,12 @@ import (
"github.com/envoyproxy/gateway/internal/xds/types"
)
-var (
- ErrXdsClusterExists = errors.New("xds cluster exists")
- ErrXdsSecretExists = errors.New("xds secret exists")
+const (
+ AuthorityHeaderKey = ":authority"
+ // The dummy cluster for TCP listeners that have no routes
+ emptyClusterName = "EmptyCluster"
)
-const AuthorityHeaderKey = ":authority"
-
// Translator translates the xDS IR into xDS resources.
type Translator struct {
// GlobalRateLimit holds the global rate limit settings
@@ -230,7 +229,7 @@ func (t *Translator) processHTTPListenerXdsTranslation(
// Create a new TCP listener for HTTP1/HTTP2 traffic.
if tcpXDSListener, err = buildXdsTCPListener(
- httpListener.Name, httpListener.Address, httpListener.Port, httpListener.IPFamily,
+ httpListener.Name, httpListener.Address, httpListener.Port,
httpListener.TCPKeepalive, httpListener.Connection, accessLog); err != nil {
errs = errors.Join(errs, err)
continue
@@ -487,7 +486,7 @@ func (t *Translator) addRouteToRouteConfig(
tSocket: nil,
endpointType: EndpointTypeStatic,
metrics: metrics,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+ }); err != nil {
errs = errors.Join(errs, err)
}
}
@@ -576,7 +575,7 @@ func (t *Translator) processTCPListenerXdsTranslation(
xdsListener := findXdsListenerByHostPort(tCtx, tcpListener.Address, tcpListener.Port, corev3.SocketAddress_TCP)
if xdsListener == nil {
if xdsListener, err = buildXdsTCPListener(
- tcpListener.Name, tcpListener.Address, tcpListener.Port, tcpListener.IPFamily,
+ tcpListener.Name, tcpListener.Address, tcpListener.Port,
tcpListener.TCPKeepalive, tcpListener.Connection, accesslog); err != nil {
// skip this listener if failed to build xds listener
errs = errors.Join(errs, err)
@@ -598,7 +597,7 @@ func (t *Translator) processTCPListenerXdsTranslation(
patchProxyProtocolFilter(xdsListener, tcpListener.EnableProxyProtocol)
for _, route := range tcpListener.Routes {
- if err := processXdsCluster(tCtx, &TCPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+ if err := processXdsCluster(tCtx, &TCPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil {
errs = errors.Join(errs, err)
}
if route.TLS != nil && route.TLS.Terminate != nil {
@@ -627,6 +626,31 @@ func (t *Translator) processTCPListenerXdsTranslation(
errs = errors.Join(errs, err)
}
}
+
+ // If there are no routes, add a route without a destination to the listener to create a filter chain
+ // This is needed because Envoy requires a filter chain to be present in the listener, otherwise it will reject the listener and report a warning
+ if len(tcpListener.Routes) == 0 {
+ emptyRouteCluster := &clusterv3.Cluster{
+ Name: emptyClusterName,
+ ClusterDiscoveryType: &clusterv3.Cluster_Type{Type: clusterv3.Cluster_STATIC},
+ }
+
+ if findXdsCluster(tCtx, emptyClusterName) == nil {
+ if err := tCtx.AddXdsResource(resourcev3.ClusterType, emptyRouteCluster); err != nil {
+ errs = errors.Join(errs, err)
+ }
+ }
+
+ emptyRoute := &ir.TCPRoute{
+ Name: emptyClusterName,
+ Destination: &ir.RouteDestination{
+ Name: emptyClusterName,
+ },
+ }
+ if err := addXdsTCPFilterChain(xdsListener, emptyRoute, emptyClusterName, accesslog, tcpListener.Timeout, tcpListener.Connection); err != nil {
+ errs = errors.Join(errs, err)
+ }
+ }
}
return errs
}
@@ -660,7 +684,7 @@ func processUDPListenerXdsTranslation(
}
// 1:1 between IR UDPRoute and xDS Cluster
- if err := processXdsCluster(tCtx, &UDPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+ if err := processXdsCluster(tCtx, &UDPRouteTranslator{route}, &ExtraArgs{metrics: metrics}); err != nil {
errs = errors.Join(errs, err)
}
}
@@ -754,10 +778,7 @@ func findXdsEndpoint(tCtx *types.ResourceVersionTable, name string) *endpointv3.
// processXdsCluster processes xds cluster with args per route.
func processXdsCluster(tCtx *types.ResourceVersionTable, route clusterArgs, extras *ExtraArgs) error {
- if err := addXdsCluster(tCtx, route.asClusterArgs(extras)); err != nil && !errors.Is(err, ErrXdsClusterExists) {
- return err
- }
- return nil
+ return addXdsCluster(tCtx, route.asClusterArgs(extras))
}
// findXdsSecret finds a xds secret with the same name, and returns nil if there is no match.
@@ -776,10 +797,12 @@ func findXdsSecret(tCtx *types.ResourceVersionTable, name string) *tlsv3.Secret
return nil
}
+// addXdsSecret adds a xds secret with args.
+// If the secret already exists, it skips adding the secret and returns nil
func addXdsSecret(tCtx *types.ResourceVersionTable, secret *tlsv3.Secret) error {
- // Return early if cluster with the same name exists
+ // Return early if secret with the same name exists
if c := findXdsSecret(tCtx, secret.Name); c != nil {
- return ErrXdsSecretExists
+ return nil
}
if err := tCtx.AddXdsResource(resourcev3.SecretType, secret); err != nil {
@@ -788,10 +811,15 @@ func addXdsSecret(tCtx *types.ResourceVersionTable, secret *tlsv3.Secret) error
return nil
}
+// addXdsCluster adds a xds cluster with args.
+// If the cluster already exists, it skips adding the cluster and returns nil.
func addXdsCluster(tCtx *types.ResourceVersionTable, args *xdsClusterArgs) error {
- // Return early if cluster with the same name exists
+ // Return early if cluster with the same name exists.
+ // All the current callers can all safely assume the xdsClusterArgs is the same for the clusters with the same name.
+ // If this assumption changes, the callers should call findXdsCluster first to check if the cluster already exists
+ // before calling addXdsCluster.
if c := findXdsCluster(tCtx, args.name); c != nil {
- return ErrXdsClusterExists
+ return nil
}
xdsCluster := buildXdsCluster(args)
diff --git a/internal/xds/translator/utils.go b/internal/xds/translator/utils.go
index 23d455edd9c..882d9b1e926 100644
--- a/internal/xds/translator/utils.go
+++ b/internal/xds/translator/utils.go
@@ -133,7 +133,6 @@ func createExtServiceXDSCluster(rd *ir.RouteDestination, traffic *ir.TrafficFeat
var (
endpointType EndpointType
tSocket *corev3.TransportSocket
- err error
)
// Make sure that there are safe defaults for the traffic
@@ -148,7 +147,7 @@ func createExtServiceXDSCluster(rd *ir.RouteDestination, traffic *ir.TrafficFeat
} else {
endpointType = EndpointTypeStatic
}
- if err = addXdsCluster(tCtx, &xdsClusterArgs{
+ return addXdsCluster(tCtx, &xdsClusterArgs{
name: rd.Name,
settings: rd.Settings,
tSocket: tSocket,
@@ -162,10 +161,7 @@ func createExtServiceXDSCluster(rd *ir.RouteDestination, traffic *ir.TrafficFeat
endpointType: endpointType,
dns: traffic.DNS,
http2Settings: traffic.HTTP2,
- }); err != nil && !errors.Is(err, ErrXdsClusterExists) {
- return err
- }
- return nil
+ })
}
// addClusterFromURL adds a cluster to the resource version table from the provided URL.
@@ -198,8 +194,5 @@ func addClusterFromURL(url string, tCtx *types.ResourceVersionTable) error {
clusterArgs.tSocket = tSocket
}
- if err = addXdsCluster(tCtx, clusterArgs); err != nil && !errors.Is(err, ErrXdsClusterExists) {
- return err
- }
- return nil
+ return addXdsCluster(tCtx, clusterArgs)
}
diff --git a/internal/xds/translator/wasm.go b/internal/xds/translator/wasm.go
index b8777e3805c..34b1087d5cc 100644
--- a/internal/xds/translator/wasm.go
+++ b/internal/xds/translator/wasm.go
@@ -118,30 +118,38 @@ func wasmConfig(wasm ir.Wasm) (*wasmfilterv3.Wasm, error) {
return nil, err
}
+ vmConfig := &wasmv3.VmConfig{
+ VmId: wasm.Name, // Do not share VMs across different filters
+ Runtime: vmRuntimeV8,
+ Code: &corev3.AsyncDataSource{
+ Specifier: &corev3.AsyncDataSource_Remote{
+ Remote: &corev3.RemoteDataSource{
+ HttpUri: &corev3.HttpUri{
+ Uri: wasm.Code.ServingURL,
+ HttpUpstreamType: &corev3.HttpUri_Cluster{
+ Cluster: wasmHTTPServerCluster,
+ },
+ Timeout: &durationpb.Duration{
+ Seconds: defaultExtServiceRequestTimeout,
+ },
+ },
+ Sha256: wasm.Code.SHA256,
+ },
+ },
+ },
+ }
+
+ if wasm.HostKeys != nil {
+ vmConfig.EnvironmentVariables = &wasmv3.EnvironmentVariables{
+ HostEnvKeys: wasm.HostKeys,
+ }
+ }
+
filterConfig = &wasmfilterv3.Wasm{
Config: &wasmv3.PluginConfig{
Name: wasm.WasmName,
Vm: &wasmv3.PluginConfig_VmConfig{
- VmConfig: &wasmv3.VmConfig{
- VmId: wasm.Name, // Do not share VMs across different filters
- Runtime: vmRuntimeV8,
- Code: &corev3.AsyncDataSource{
- Specifier: &corev3.AsyncDataSource_Remote{
- Remote: &corev3.RemoteDataSource{
- HttpUri: &corev3.HttpUri{
- Uri: wasm.Code.ServingURL,
- HttpUpstreamType: &corev3.HttpUri_Cluster{
- Cluster: wasmHTTPServerCluster,
- },
- Timeout: &durationpb.Duration{
- Seconds: defaultExtServiceRequestTimeout,
- },
- },
- Sha256: wasm.Code.SHA256,
- },
- },
- },
- },
+ VmConfig: vmConfig,
},
Configuration: configAny,
FailOpen: wasm.FailOpen,
diff --git a/release-notes/current.yaml b/release-notes/current.yaml
index bfc711148bd..c0f8dfc0e5b 100644
--- a/release-notes/current.yaml
+++ b/release-notes/current.yaml
@@ -2,7 +2,10 @@ date: Pending
# Changes that are expected to cause an incompatibility with previous versions, such as deletions or modifications to existing APIs.
breaking changes: |
- Add a breaking change here
+ The Container `ports` field of the gateway instance has been removed, which will cause the gateway Pod to be rebuilt when upgrading the version.
+ ClientTrafficPolicy previously treated an empty TLS ALPNProtocols list as being undefined and applied Envoy Gateway defaults.
+ An empty TLS ALPNProtocols list is now treated as user-defined disablement of the TLS ALPN extension.
+ Always use `::` and `IPv4Compact` enabled on dynamic listeners.
# Updates addressing vulnerabilities, security flaws, or compliance requirements.
security updates: |
@@ -10,11 +13,13 @@ security updates: |
# New features or capabilities added in this release.
new features: |
- Add a new feature here
+ - Added support for trusted CIDRs in the ClientIPDetectionSettings API
# Fixes for bugs identified in previous versions.
bug fixes: |
- Add a bug fix here
+ Fixed failed to update SecurityPolicy resources with the `backendRef` field specified
+ Fixed Envoy rejecting TCP Listeners that have no attached TCPRoutes
+ Fixed xDS translation failed when oidc tokenEndpoint and jwt remoteJWKS are specified in the same SecurityPolicy and using the same hostname
# Enhancements that improve performance.
performance improvements: |
@@ -26,4 +31,4 @@ deprecations: |
# Other notable changes not covered by the above sections.
Other changes: |
- Add other changes here
+ [SecurityPolicy] Modify the JWT Provider Issuer validation constraint
diff --git a/site/content/en/contributions/design/metadata.md b/site/content/en/contributions/design/metadata.md
index 143f5b2797d..f6564f3ccd5 100644
--- a/site/content/en/contributions/design/metadata.md
+++ b/site/content/en/contributions/design/metadata.md
@@ -25,7 +25,27 @@ Future enhancements may include:
## Translation
-Envoy Gateway uses the following namespace for envoy resource metadata: `io.envoyproxy.gateway.metadata`. For example, an envoy [route][] resource may have the following metadata structure:
+Envoy Gateway uses the following namespace for envoy resource metadata: `gateway.envoyproxy.io/`. For example, an envoy [route][] resource may have the following metadata structure:
+
+Kubernetes resource:
+
+```yaml
+kind: HTTPRoute
+apiVersion: gateway.networking.k8s.io/v1
+metadata:
+ annotations:
+ gateway.envoyproxy.io/foo: bar
+ name: myroute
+ namespace: gateway-conformance-infra
+spec:
+ rules:
+ matches:
+ - path:
+ type: PathPrefix
+ value: /mypath
+```
+
+Metadata structure:
```yaml
name: httproute/gateway-conformance-infra/myroute/rule/0/match/0/*
diff --git a/site/content/en/docs/api/extension_types.md b/site/content/en/docs/api/extension_types.md
index 8ab8f50c81f..a519fc34ea7 100644
--- a/site/content/en/docs/api/extension_types.md
+++ b/site/content/en/docs/api/extension_types.md
@@ -300,6 +300,19 @@ _Appears in:_
+#### BackendConnection
+
+
+
+BackendConnection allows users to configure connection-level settings of backend
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -484,6 +497,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address
_Appears in:_
- [Principal](#principal)
+- [XForwardedForSettings](#xforwardedforsettings)
@@ -506,6 +520,23 @@ _Appears in:_
| `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. |
+#### CircuitBreaker
+
+
+
+CircuitBreaker defines the Circuit Breaker configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. |
+| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. |
+| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. |
#### ClaimToHeader
@@ -876,6 +907,20 @@ _Appears in:_
| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+#### DNS
+
+
+
+
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. |
+| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. |
#### EnvironmentCustomTag
@@ -1789,6 +1834,23 @@ _Appears in:_
| `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. |
+#### HTTP2Settings
+
+
+
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
+| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
+| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2032,6 +2094,21 @@ _Appears in:_
| `name` | _string_ | true | Name of the header to hash. |
+#### HeaderMatch
+
+
+
+HeaderMatch defines the match attributes within the HTTP Headers of the request.
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. |
+| `name` | _string_ | true | Name of the HTTP header. |
+| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
+| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
#### HeaderMatchType
@@ -2070,6 +2147,21 @@ _Appears in:_
| `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. |
+#### HealthCheck
+
+
+
+HealthCheck configuration to decide which endpoints
+are healthy and can be used for routing.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration |
+| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration |
#### HealthCheckSettings
@@ -2565,6 +2657,21 @@ _Appears in:_
| `value` | _string_ | true | Value defines the hard-coded value to add to each span. |
+#### LoadBalancer
+
+
+
+LoadBalancer defines the load balancer policy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". |
+| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash |
+| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers |
#### LoadBalancerType
@@ -2616,6 +2723,19 @@ _Appears in:_
| `error` | LogLevelError defines the "Error" logging level.
|
+#### MergeType
+
+_Underlying type:_ _string_
+
+MergeType defines the type of merge operation
+
+_Appears in:_
+- [KubernetesPatchSpec](#kubernetespatchspec)
+
+| Value | Description |
+| ----- | ----------- |
+| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
+| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
#### MetricSinkType
@@ -2836,6 +2956,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.
The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. |
+| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. |
#### ProcessingModeOptions
@@ -3101,6 +3222,20 @@ _Appears in:_
| `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. |
+#### ProxyProtocol
+
+
+
+ProxyProtocol defines the configuration related to the proxy protocol
+when communicating with the backend.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" |
#### ProxyProtocolVersion
@@ -3338,6 +3473,15 @@ _Appears in:_
| `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol |
+#### RateLimitTracingProviderType
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [RateLimitTracingProvider](#ratelimittracingprovider)
+
#### RateLimitType
@@ -3491,6 +3635,21 @@ _Appears in:_
| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
+#### Retry
+
+
+
+Retry defines the retry strategy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. |
+| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.
If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). |
+| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. |
#### RetryOn
@@ -3668,6 +3827,19 @@ _Appears in:_
| `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig |
+#### SourceMatch
+
+
+
+
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[SourceMatchType](#sourcematchtype)_ | false | |
+| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. |
#### SourceMatchType
@@ -3826,6 +3998,22 @@ _Appears in:_
| `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. |
+#### TCPKeepalive
+
+
+
+TCPKeepalive define the TCP Keepalive configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. |
+| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. |
+| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. |
#### TCPTimeout
@@ -3902,6 +4090,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### Timeout
+
+
+
+Timeout defines configuration for timeouts related to connections.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. |
+| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. |
#### TracingProvider
@@ -4142,13 +4344,15 @@ _Appears in:_
XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
+Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
+for more details.
_Appears in:_
- [ClientIPDetectionSettings](#clientipdetectionsettings)
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. |
+| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
#### ZipkinTracingProvider
diff --git a/site/content/en/docs/install/install-helm.md b/site/content/en/docs/install/install-helm.md
index b9768eca129..16975efc84d 100644
--- a/site/content/en/docs/install/install-helm.md
+++ b/site/content/en/docs/install/install-helm.md
@@ -61,7 +61,9 @@ consideration when debugging.
## Upgrading from a previous version
-Follow the steps outlined in [this](./install-yaml.md#upgrading-from-v1.1) section if you're upgrading from a previous version.
+[Helm](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) does not update CRDs
+that live in the `/crds` folder in the Helm Chart. So you will manually need to update the CRDs.
+Follow the steps outlined in [this](./install-yaml/#upgrading-from-v1.1) section if you're upgrading from a previous version.
## Helm chart customizations
diff --git a/site/content/en/docs/tasks/operations/standalone-deployment-mode.md b/site/content/en/docs/tasks/operations/standalone-deployment-mode.md
new file mode 100644
index 00000000000..cc8218a2905
--- /dev/null
+++ b/site/content/en/docs/tasks/operations/standalone-deployment-mode.md
@@ -0,0 +1,123 @@
+---
+title: "Standalone Deployment Mode"
+---
+
+{{% alert title="Notice" color="warning" %}}
+
+Standalone mode is an experimental feature, please **DO NOT** use it in production.
+
+{{% /alert %}}
+
+Envoy Gateway also supports running in standalone mode. In this mode, Envoy Gateway
+does not need to rely on Kubernetes and can be deployed directly on bare metal or virtual machines.
+
+Currently, Envoy Gateway only support the file provider and the host infrastructure provider combinations.
+
+- The file provider will configure the Envoy Gateway to get all gateway-api resources from file system.
+- The host infrastructure provider will configure the Envoy Gateway to deploy one Envoy Proxy as a host process.
+
+## Quick Start
+
+In this quick-start, we will run Envoy Gateway in standalone mode with the file provider
+and the host infrastructure provider.
+
+### Prerequisites
+
+Create a local directory just for testing:
+
+```shell
+mkdir -p /tmp/envoy-gateway-test
+```
+
+Download the Envoy Gateway binary from v1.2.x release.
+
+### Create Certificates
+
+All runners in Envoy Gateway are using TLS connection, so create these TLS certificates locally to
+ensure the Envoy Gateway works properly.
+
+```shell
+envoy-gateway certgen --local
+```
+
+### Start Envoy Gateway
+
+Start Envoy Gateway by the following command:
+
+```shell
+envoy-gateway server --config-path standalone.yaml
+```
+
+with `standalone.yaml` configuration:
+
+```yaml
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+provider:
+ type: Custom
+ custom:
+ resource:
+ type: File
+ file:
+ paths: ["/tmp/envoy-gateway-test"]
+ infrastructure:
+ type: Host
+ host: {}
+logging:
+ level:
+ default: info
+extensionApis:
+ enableBackend: true
+```
+
+As you can see, we have enabled the [Backend][] API, this API will be used to represent our local endpoints.
+
+### Trigger an Update
+
+Any changes under watched `paths` will be considered as an update by the file provider.
+
+For instance, copying example file into `/tmp/envoy-gateway-test/` will trigger an update of gateway-api resources:
+
+```shell
+cp examples/standalone/quickstart.yaml /tmp/envoy-gateway-test/quickstart.yaml
+```
+
+From the Envoy Gateway log, you should be able to observe that the Envoy Proxy has been started, and its admin address has been returned.
+
+### Test Connection
+
+Starts a simple local server as an endpoint:
+
+```shell
+python3 -m http.server 3000
+```
+
+Curl the example server through Envoy Proxy:
+
+```shell
+curl --verbose --header "Host: www.example.com" http://0.0.0.0:8888/
+```
+
+```console
+* Trying 0.0.0.0:8888...
+* Connected to 0.0.0.0 (127.0.0.1) port 8888 (#0)
+> GET / HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/7.81.0
+> Accept: */*
+>
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 200 OK
+< server: SimpleHTTP/0.6 Python/3.10.12
+< date: Sat, 26 Oct 2024 13:20:34 GMT
+< content-type: text/html; charset=utf-8
+< content-length: 1870
+<
+...
+* Connection #0 to host 0.0.0.0 left intact
+```
+
+
+[Backend]: ../../../api/extension_types#backend
diff --git a/site/content/en/docs/tasks/security/oidc.md b/site/content/en/docs/tasks/security/oidc.md
index 45adc554a90..f6ad61f8aa1 100644
--- a/site/content/en/docs/tasks/security/oidc.md
+++ b/site/content/en/docs/tasks/security/oidc.md
@@ -85,7 +85,7 @@ kubectl get httproute/myapp -o yaml
## OIDC Authentication for a HTTPRoute
-OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with
+OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with
the same OIDC configuration, or at the HTTPRoute level to authenticate each HTTPRoute with different OIDC configurations.
This section demonstrates how to configure OIDC authentication for a specific HTTPRoute.
@@ -117,9 +117,9 @@ kubectl create secret generic my-app-client-secret --from-literal=client-secret=
### Create a SecurityPolicy
**Please notice that the `redirectURL` and `logoutPath` must match the target HTTPRoute.** In this example, the target
-HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed
-with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication
-will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed
+HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed
+with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication
+will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed
by the OAuth2 filter on that HTTPRoute.
Note: please replace the ${CLIENT_ID} in the below yaml snippet with the actual Client ID that you got from the OIDC provider.
@@ -200,8 +200,8 @@ Put www.example.com in the /etc/hosts file in your test machine, so we can use t
127.0.0.1 www.example.com
```
-Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google
-login page. After you successfully login, you should see the response from the backend service.
+Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google
+login page. After you successfully login, you should see the response from the backend service.
Clean the cookies in the browser and try to access `https://www.example.com:8443/foo` address. You should be able to see
this page since the path `/foo` is not protected by the OIDC policy.
@@ -284,16 +284,18 @@ kubectl get httproute/foo -o yaml
### Create a SecurityPolicy
-Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL`
-and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has
-three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host
-`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes
+Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL`
+and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has
+three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host
+`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes
can be used to match the `redirectURL` and `logoutPath`.
By default, the access token and ID token cookies are set to the host of the request, excluding subdomains. To allow the
-token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains,
+token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains,
the `cookieDomain` field needs to be set to the root domain. In this example, the root domain is `example.com`.
+Note: if a `cookieDomain` is added to an existing SecurityPolicy, the cookies in the browser must be cleared before sending a new request to the Gateway, otherwise the cookies with the old subdomain will take precedence and be sent to the Gateway, causing the OIDC authentication to fail.
+
{{< tabpane text=true >}}
{{% tab header="Apply from stdin" %}}
diff --git a/site/content/en/docs/tasks/traffic/response-override.md b/site/content/en/docs/tasks/traffic/response-override.md
new file mode 100644
index 00000000000..ea8121bfe89
--- /dev/null
+++ b/site/content/en/docs/tasks/traffic/response-override.md
@@ -0,0 +1,157 @@
+---
+title: "Response Override"
+---
+
+Response Override allows you to override the response from the backend with a custom one. This can be useful for scenarios such as returning a custom 404 page when the requested resource is not found or a custom 500 error message when the backend is failing.
+
+## Installation
+
+Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest.
+Before proceeding, you should be able to query the example backend using HTTP.
+
+## Testing Response Override
+
+{{< tabpane text=true >}}
+{{% tab header="Apply from stdin" %}}
+
+```shell
+cat <}}
+
+```shell
+curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/404
+```
+
+```console
+* Trying 127.0.0.1:80...
+* Connected to 172.18.0.200 (172.18.0.200) port 80
+> GET /status/404 HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/8.5.0
+> Accept: */*
+>
+< HTTP/1.1 404 Not Found
+< content-type: text/plain
+< content-length: 32
+< date: Thu, 07 Nov 2024 09:22:29 GMT
+<
+* Connection #0 to host 172.18.0.200 left intact
+Oops! Your request is not found.
+```
+
+```shell
+curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/500
+```
+
+```console
+* Trying 127.0.0.1:80...
+* Connected to 172.18.0.200 (172.18.0.200) port 80
+> GET /status/500 HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/8.5.0
+> Accept: */*
+>
+< HTTP/1.1 500 Internal Server Error
+< content-type: application/json
+< content-length: 34
+< date: Thu, 07 Nov 2024 09:23:02 GMT
+<
+* Connection #0 to host 172.18.0.200 left intact
+{"error": "Internal Server Error"}
+```
\ No newline at end of file
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 009a01f3231..523525b17f0 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -52,11 +52,7 @@ ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
Access log format information is passed in the form of gRPC metadata when the
-stream is established. Specifically, the following metadata is passed:
-
-
-- `x-accesslog-text` - The access log format string when a Text format is used.
-- `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used.
+stream is established.
_Appears in:_
- [ProxyAccessLogSink](#proxyaccesslogsink)
@@ -300,6 +296,19 @@ _Appears in:_
+#### BackendConnection
+
+
+
+BackendConnection allows users to configure connection-level settings of backend
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -394,7 +403,7 @@ _Appears in:_
| `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 |
| `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 |
| `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. |
-| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
+| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
#### BackendTrafficPolicy
@@ -495,6 +504,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address
_Appears in:_
- [Principal](#principal)
+- [XForwardedForSettings](#xforwardedforsettings)
@@ -517,6 +527,23 @@ _Appears in:_
| `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. |
+#### CircuitBreaker
+
+
+
+CircuitBreaker defines the Circuit Breaker configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. |
+| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. |
+| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. |
#### ClaimToHeader
@@ -581,7 +608,7 @@ _Appears in:_
| `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 |
| `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 |
| `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. |
-| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
+| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
| `session` | _[Session](#session)_ | false | Session defines settings related to TLS session management. |
@@ -887,6 +914,20 @@ _Appears in:_
| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+#### DNS
+
+
+
+
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. |
+| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. |
#### EnvironmentCustomTag
@@ -1801,6 +1842,23 @@ _Appears in:_
| `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. |
+#### HTTP2Settings
+
+
+
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
+| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
+| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2044,6 +2102,21 @@ _Appears in:_
| `name` | _string_ | true | Name of the header to hash. |
+#### HeaderMatch
+
+
+
+HeaderMatch defines the match attributes within the HTTP Headers of the request.
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. |
+| `name` | _string_ | true | Name of the HTTP header. |
+| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
+| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
#### HeaderMatchType
@@ -2082,6 +2155,21 @@ _Appears in:_
| `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. |
+#### HealthCheck
+
+
+
+HealthCheck configuration to decide which endpoints
+are healthy and can be used for routing.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration |
+| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration |
#### HealthCheckSettings
@@ -2577,6 +2665,21 @@ _Appears in:_
| `value` | _string_ | true | Value defines the hard-coded value to add to each span. |
+#### LoadBalancer
+
+
+
+LoadBalancer defines the load balancer policy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". |
+| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash |
+| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers |
#### LoadBalancerType
@@ -2628,6 +2731,19 @@ _Appears in:_
| `error` | LogLevelError defines the "Error" logging level.
|
+#### MergeType
+
+_Underlying type:_ _string_
+
+MergeType defines the type of merge operation
+
+_Appears in:_
+- [KubernetesPatchSpec](#kubernetespatchspec)
+
+| Value | Description |
+| ----- | ----------- |
+| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
+| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
#### MetricSinkType
@@ -2848,6 +2964,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.
The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. |
+| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. |
#### ProcessingModeOptions
@@ -3113,6 +3230,20 @@ _Appears in:_
| `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. |
+#### ProxyProtocol
+
+
+
+ProxyProtocol defines the configuration related to the proxy protocol
+when communicating with the backend.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" |
#### ProxyProtocolVersion
@@ -3350,6 +3481,15 @@ _Appears in:_
| `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol |
+#### RateLimitTracingProviderType
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [RateLimitTracingProvider](#ratelimittracingprovider)
+
#### RateLimitType
@@ -3503,6 +3643,21 @@ _Appears in:_
| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
+#### Retry
+
+
+
+Retry defines the retry strategy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. |
+| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.
If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). |
+| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. |
#### RetryOn
@@ -3680,6 +3835,19 @@ _Appears in:_
| `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig |
+#### SourceMatch
+
+
+
+
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[SourceMatchType](#sourcematchtype)_ | false | |
+| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. |
#### SourceMatchType
@@ -3838,6 +4006,22 @@ _Appears in:_
| `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. |
+#### TCPKeepalive
+
+
+
+TCPKeepalive define the TCP Keepalive configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. |
+| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. |
+| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. |
#### TCPTimeout
@@ -3871,7 +4055,7 @@ _Appears in:_
| `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 |
| `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 |
| `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. |
-| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
+| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
#### TLSVersion
@@ -3914,6 +4098,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### Timeout
+
+
+
+Timeout defines configuration for timeouts related to connections.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. |
+| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. |
#### TracingProvider
@@ -4014,6 +4212,7 @@ _Appears in:_
| `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the Wasm code for the extension. |
| `config` | _[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#json-v1-apiextensions-k8s-io)_ | false | Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension. |
| `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a fatal error occurs
during the initialization or the execution of the Wasm extension.
If FailOpen is set to true, the system bypasses the Wasm extension and
allows the traffic to pass through. Otherwise, if it is set to false or
not set (defaulting to false), the system blocks the traffic and returns
an HTTP 5xx error. |
+| `env` | _[WasmEnv](#wasmenv)_ | false | Env configures the environment for the Wasm extension |
#### WasmCodeSource
@@ -4048,6 +4247,20 @@ _Appears in:_
| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
|
+#### WasmEnv
+
+
+
+WasmEnv defines the environment variables for the VM of a Wasm extension
+
+_Appears in:_
+- [Wasm](#wasm)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `hostKeys` | _string array_ | false | HostKeys is a list of keys for environment variables from the host envoy process
that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions. |
+
+
#### WithUnderscoresAction
_Underlying type:_ _string_
@@ -4154,13 +4367,15 @@ _Appears in:_
XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
+Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
+for more details.
_Appears in:_
- [ClientIPDetectionSettings](#clientipdetectionsettings)
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. |
+| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
#### ZipkinTracingProvider
diff --git a/site/content/en/latest/install/install-helm.md b/site/content/en/latest/install/install-helm.md
index b9768eca129..16975efc84d 100644
--- a/site/content/en/latest/install/install-helm.md
+++ b/site/content/en/latest/install/install-helm.md
@@ -61,7 +61,9 @@ consideration when debugging.
## Upgrading from a previous version
-Follow the steps outlined in [this](./install-yaml.md#upgrading-from-v1.1) section if you're upgrading from a previous version.
+[Helm](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) does not update CRDs
+that live in the `/crds` folder in the Helm Chart. So you will manually need to update the CRDs.
+Follow the steps outlined in [this](./install-yaml/#upgrading-from-v1.1) section if you're upgrading from a previous version.
## Helm chart customizations
diff --git a/site/content/en/latest/tasks/operations/standalone-deployment-mode.md b/site/content/en/latest/tasks/operations/standalone-deployment-mode.md
new file mode 100644
index 00000000000..88a5c1b98c2
--- /dev/null
+++ b/site/content/en/latest/tasks/operations/standalone-deployment-mode.md
@@ -0,0 +1,130 @@
+---
+title: "Standalone Deployment Mode"
+---
+
+{{% alert title="Notice" color="warning" %}}
+
+Standalone mode is an experimental feature, please **DO NOT** use it in production.
+
+{{% /alert %}}
+
+Envoy Gateway also supports running in standalone mode. In this mode, Envoy Gateway
+does not need to rely on Kubernetes and can be deployed directly on bare metal or virtual machines.
+
+Currently, Envoy Gateway only support the file provider and the host infrastructure provider combinations.
+
+- The file provider will configure the Envoy Gateway to get all gateway-api resources from file system.
+- The host infrastructure provider will configure the Envoy Gateway to deploy one Envoy Proxy as a host process.
+
+## Quick Start
+
+In this quick-start, we will run Envoy Gateway in standalone mode with the file provider
+and the host infrastructure provider.
+
+### Prerequisites
+
+Create a local directory just for testing:
+
+```shell
+mkdir -p /tmp/envoy-gateway-test
+```
+
+As we do not provide the Envoy Gateway binary in latest release,
+you can compile this binary on your own from project by using command:
+
+```shell
+make build
+```
+
+The compiled binary lies in `bin/{os}/{arch}/envoy-gateway`.
+
+### Create Certificates
+
+All runners in Envoy Gateway are using TLS connection, so create these TLS certificates locally to
+ensure the Envoy Gateway works properly.
+
+```shell
+envoy-gateway certgen --local
+```
+
+### Start Envoy Gateway
+
+Start Envoy Gateway by the following command:
+
+```shell
+envoy-gateway server --config-path standalone.yaml
+```
+
+with `standalone.yaml` configuration:
+
+```yaml
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+provider:
+ type: Custom
+ custom:
+ resource:
+ type: File
+ file:
+ paths: ["/tmp/envoy-gateway-test"]
+ infrastructure:
+ type: Host
+ host: {}
+logging:
+ level:
+ default: info
+extensionApis:
+ enableBackend: true
+```
+
+As you can see, we have enabled the [Backend][] API, this API will be used to represent our local endpoints.
+
+### Trigger an Update
+
+Any changes under watched `paths` will be considered as an update by the file provider.
+
+For instance, copying example file into `/tmp/envoy-gateway-test/` will trigger an update of gateway-api resources:
+
+```shell
+cp examples/standalone/quickstart.yaml /tmp/envoy-gateway-test/quickstart.yaml
+```
+
+From the Envoy Gateway log, you should be able to observe that the Envoy Proxy has been started, and its admin address has been returned.
+
+### Test Connection
+
+Starts a simple local server as an endpoint:
+
+```shell
+python3 -m http.server 3000
+```
+
+Curl the example server through Envoy Proxy:
+
+```shell
+curl --verbose --header "Host: www.example.com" http://0.0.0.0:8888/
+```
+
+```console
+* Trying 0.0.0.0:8888...
+* Connected to 0.0.0.0 (127.0.0.1) port 8888 (#0)
+> GET / HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/7.81.0
+> Accept: */*
+>
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 200 OK
+< server: SimpleHTTP/0.6 Python/3.10.12
+< date: Sat, 26 Oct 2024 13:20:34 GMT
+< content-type: text/html; charset=utf-8
+< content-length: 1870
+<
+...
+* Connection #0 to host 0.0.0.0 left intact
+```
+
+
+[Backend]: ../../../api/extension_types#backend
diff --git a/site/content/en/latest/tasks/security/oidc.md b/site/content/en/latest/tasks/security/oidc.md
index 45adc554a90..f6ad61f8aa1 100644
--- a/site/content/en/latest/tasks/security/oidc.md
+++ b/site/content/en/latest/tasks/security/oidc.md
@@ -85,7 +85,7 @@ kubectl get httproute/myapp -o yaml
## OIDC Authentication for a HTTPRoute
-OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with
+OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with
the same OIDC configuration, or at the HTTPRoute level to authenticate each HTTPRoute with different OIDC configurations.
This section demonstrates how to configure OIDC authentication for a specific HTTPRoute.
@@ -117,9 +117,9 @@ kubectl create secret generic my-app-client-secret --from-literal=client-secret=
### Create a SecurityPolicy
**Please notice that the `redirectURL` and `logoutPath` must match the target HTTPRoute.** In this example, the target
-HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed
-with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication
-will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed
+HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed
+with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication
+will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed
by the OAuth2 filter on that HTTPRoute.
Note: please replace the ${CLIENT_ID} in the below yaml snippet with the actual Client ID that you got from the OIDC provider.
@@ -200,8 +200,8 @@ Put www.example.com in the /etc/hosts file in your test machine, so we can use t
127.0.0.1 www.example.com
```
-Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google
-login page. After you successfully login, you should see the response from the backend service.
+Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google
+login page. After you successfully login, you should see the response from the backend service.
Clean the cookies in the browser and try to access `https://www.example.com:8443/foo` address. You should be able to see
this page since the path `/foo` is not protected by the OIDC policy.
@@ -284,16 +284,18 @@ kubectl get httproute/foo -o yaml
### Create a SecurityPolicy
-Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL`
-and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has
-three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host
-`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes
+Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL`
+and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has
+three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host
+`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes
can be used to match the `redirectURL` and `logoutPath`.
By default, the access token and ID token cookies are set to the host of the request, excluding subdomains. To allow the
-token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains,
+token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains,
the `cookieDomain` field needs to be set to the root domain. In this example, the root domain is `example.com`.
+Note: if a `cookieDomain` is added to an existing SecurityPolicy, the cookies in the browser must be cleared before sending a new request to the Gateway, otherwise the cookies with the old subdomain will take precedence and be sent to the Gateway, causing the OIDC authentication to fail.
+
{{< tabpane text=true >}}
{{% tab header="Apply from stdin" %}}
diff --git a/site/content/en/latest/tasks/traffic/response-override.md b/site/content/en/latest/tasks/traffic/response-override.md
new file mode 100644
index 00000000000..ea8121bfe89
--- /dev/null
+++ b/site/content/en/latest/tasks/traffic/response-override.md
@@ -0,0 +1,157 @@
+---
+title: "Response Override"
+---
+
+Response Override allows you to override the response from the backend with a custom one. This can be useful for scenarios such as returning a custom 404 page when the requested resource is not found or a custom 500 error message when the backend is failing.
+
+## Installation
+
+Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest.
+Before proceeding, you should be able to query the example backend using HTTP.
+
+## Testing Response Override
+
+{{< tabpane text=true >}}
+{{% tab header="Apply from stdin" %}}
+
+```shell
+cat <}}
+
+```shell
+curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/404
+```
+
+```console
+* Trying 127.0.0.1:80...
+* Connected to 172.18.0.200 (172.18.0.200) port 80
+> GET /status/404 HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/8.5.0
+> Accept: */*
+>
+< HTTP/1.1 404 Not Found
+< content-type: text/plain
+< content-length: 32
+< date: Thu, 07 Nov 2024 09:22:29 GMT
+<
+* Connection #0 to host 172.18.0.200 left intact
+Oops! Your request is not found.
+```
+
+```shell
+curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/500
+```
+
+```console
+* Trying 127.0.0.1:80...
+* Connected to 172.18.0.200 (172.18.0.200) port 80
+> GET /status/500 HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/8.5.0
+> Accept: */*
+>
+< HTTP/1.1 500 Internal Server Error
+< content-type: application/json
+< content-length: 34
+< date: Thu, 07 Nov 2024 09:23:02 GMT
+<
+* Connection #0 to host 172.18.0.200 left intact
+{"error": "Internal Server Error"}
+```
\ No newline at end of file
diff --git a/site/content/en/news/releases/v1.2.md b/site/content/en/news/releases/v1.2.md
index ea39fe44262..4c04b1dfcac 100644
--- a/site/content/en/news/releases/v1.2.md
+++ b/site/content/en/news/releases/v1.2.md
@@ -14,7 +14,7 @@ This release represents a significant achievement, and we extend our heartfelt g
Thank you for being an integral part of this journey. We are excited to see how Envoy Gateway v1.2.0 will empower your operations and look forward to continuing our work together to drive the future of Cloud Native API Gateway.
-| [Release Notes][] | [Docs][docs] | [Compatibility Matrix][matrix] | [Download][] |
+| [Release Notes][] | [Docs][docs] | [Compatibility Matrix][matrix] | [Install][] |
|-------------------|--------------|--------------------------------|--------------|
## What's New
@@ -92,4 +92,4 @@ The release adds a ton of features and functionality. Here are some highlights:
[Release Notes]: ./notes/v1.2.0
[matrix]: ./matrix
[docs]: /v1.2/
-[Download]: https://github.com/envoyproxy/gateway/releases/tag/v1.2.0
+[Install]: /v1.2/install
diff --git a/site/content/en/v1.1/tasks/extensibility/wasm.md b/site/content/en/v1.1/tasks/extensibility/wasm.md
index 1b1d32f9ecb..5d2495cf566 100644
--- a/site/content/en/v1.1/tasks/extensibility/wasm.md
+++ b/site/content/en/v1.1/tasks/extensibility/wasm.md
@@ -90,7 +90,7 @@ spec:
Verify the EnvoyExtensionPolicy status:
```shell
-kubectl get envoyextensionpolicy/http-wasm-source-test -o yaml
+kubectl get envoyextensionpolicy/wasm-test -o yaml
```
### Image Wasm Extension
@@ -151,9 +151,148 @@ spec:
Verify the EnvoyExtensionPolicy status:
```shell
-kubectl get envoyextensionpolicy/http-wasm-source-test -o yaml
+kubectl get envoyextensionpolicy/wasm-test -o yaml
```
+### Wasm Extension Configuration
+
+This [EnvoyExtensionPolicy][] configuration fetches the Wasm extension from an OCI image and uses a config block to pass parameters to the extension when it's loaded.
+
+{{< tabpane text=true >}}
+{{% tab header="Apply from stdin" %}}
+
+```shell
+cat <}}
+
+Verify the EnvoyExtensionPolicy status:
+
+```shell
+kubectl get envoyextensionpolicy/wasm-test-o yaml
+```
+
+### Wasm Extension Configuration through Environment variables
+
+It is also possible to configure a wasm extension using environment variables from the host envoy process. Keys for the env vars to be shared are defined in a `hostKeys` block.
+
+This is especially useful for sharing secure data from environment vars on the envoy process set using [valueFrom](https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables) a Kubernetes secret.
+
+Note that setting an env var on the envoy process requires a custom [EnvoyProxy](../../api/extension_types#envoyproxy) configuration.
+
+{{< tabpane text=true >}}
+{{% tab header="Apply from stdin" %}}
+
+```shell
+cat <}}
+
+
### Testing
Ensure the `GATEWAY_HOST` environment variable from the [Quickstart](../../quickstart) is set. If not, follow the
diff --git a/site/content/en/v1.2/api/extension_types.md b/site/content/en/v1.2/api/extension_types.md
index 8ab8f50c81f..a519fc34ea7 100644
--- a/site/content/en/v1.2/api/extension_types.md
+++ b/site/content/en/v1.2/api/extension_types.md
@@ -300,6 +300,19 @@ _Appears in:_
+#### BackendConnection
+
+
+
+BackendConnection allows users to configure connection-level settings of backend
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -484,6 +497,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address
_Appears in:_
- [Principal](#principal)
+- [XForwardedForSettings](#xforwardedforsettings)
@@ -506,6 +520,23 @@ _Appears in:_
| `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. |
+#### CircuitBreaker
+
+
+
+CircuitBreaker defines the Circuit Breaker configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. |
+| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. |
+| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. |
#### ClaimToHeader
@@ -876,6 +907,20 @@ _Appears in:_
| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+#### DNS
+
+
+
+
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. |
+| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. |
#### EnvironmentCustomTag
@@ -1789,6 +1834,23 @@ _Appears in:_
| `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. |
+#### HTTP2Settings
+
+
+
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
+| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
+| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2032,6 +2094,21 @@ _Appears in:_
| `name` | _string_ | true | Name of the header to hash. |
+#### HeaderMatch
+
+
+
+HeaderMatch defines the match attributes within the HTTP Headers of the request.
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. |
+| `name` | _string_ | true | Name of the HTTP header. |
+| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
+| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
#### HeaderMatchType
@@ -2070,6 +2147,21 @@ _Appears in:_
| `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. |
+#### HealthCheck
+
+
+
+HealthCheck configuration to decide which endpoints
+are healthy and can be used for routing.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration |
+| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration |
#### HealthCheckSettings
@@ -2565,6 +2657,21 @@ _Appears in:_
| `value` | _string_ | true | Value defines the hard-coded value to add to each span. |
+#### LoadBalancer
+
+
+
+LoadBalancer defines the load balancer policy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". |
+| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash |
+| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers |
#### LoadBalancerType
@@ -2616,6 +2723,19 @@ _Appears in:_
| `error` | LogLevelError defines the "Error" logging level.
|
+#### MergeType
+
+_Underlying type:_ _string_
+
+MergeType defines the type of merge operation
+
+_Appears in:_
+- [KubernetesPatchSpec](#kubernetespatchspec)
+
+| Value | Description |
+| ----- | ----------- |
+| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
+| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
#### MetricSinkType
@@ -2836,6 +2956,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.
The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. |
+| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. |
#### ProcessingModeOptions
@@ -3101,6 +3222,20 @@ _Appears in:_
| `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. |
+#### ProxyProtocol
+
+
+
+ProxyProtocol defines the configuration related to the proxy protocol
+when communicating with the backend.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" |
#### ProxyProtocolVersion
@@ -3338,6 +3473,15 @@ _Appears in:_
| `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol |
+#### RateLimitTracingProviderType
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [RateLimitTracingProvider](#ratelimittracingprovider)
+
#### RateLimitType
@@ -3491,6 +3635,21 @@ _Appears in:_
| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
+#### Retry
+
+
+
+Retry defines the retry strategy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. |
+| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.
If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). |
+| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. |
#### RetryOn
@@ -3668,6 +3827,19 @@ _Appears in:_
| `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig |
+#### SourceMatch
+
+
+
+
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[SourceMatchType](#sourcematchtype)_ | false | |
+| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. |
#### SourceMatchType
@@ -3826,6 +3998,22 @@ _Appears in:_
| `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. |
+#### TCPKeepalive
+
+
+
+TCPKeepalive define the TCP Keepalive configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. |
+| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. |
+| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. |
#### TCPTimeout
@@ -3902,6 +4090,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### Timeout
+
+
+
+Timeout defines configuration for timeouts related to connections.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. |
+| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. |
#### TracingProvider
@@ -4142,13 +4344,15 @@ _Appears in:_
XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
+Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
+for more details.
_Appears in:_
- [ClientIPDetectionSettings](#clientipdetectionsettings)
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. |
+| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
#### ZipkinTracingProvider
diff --git a/site/content/en/v1.2/install/install-helm.md b/site/content/en/v1.2/install/install-helm.md
index b9768eca129..16975efc84d 100644
--- a/site/content/en/v1.2/install/install-helm.md
+++ b/site/content/en/v1.2/install/install-helm.md
@@ -61,7 +61,9 @@ consideration when debugging.
## Upgrading from a previous version
-Follow the steps outlined in [this](./install-yaml.md#upgrading-from-v1.1) section if you're upgrading from a previous version.
+[Helm](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/#some-caveats-and-explanations) does not update CRDs
+that live in the `/crds` folder in the Helm Chart. So you will manually need to update the CRDs.
+Follow the steps outlined in [this](./install-yaml/#upgrading-from-v1.1) section if you're upgrading from a previous version.
## Helm chart customizations
diff --git a/site/content/en/v1.2/tasks/operations/standalone-deployment-mode.md b/site/content/en/v1.2/tasks/operations/standalone-deployment-mode.md
new file mode 100644
index 00000000000..cc8218a2905
--- /dev/null
+++ b/site/content/en/v1.2/tasks/operations/standalone-deployment-mode.md
@@ -0,0 +1,123 @@
+---
+title: "Standalone Deployment Mode"
+---
+
+{{% alert title="Notice" color="warning" %}}
+
+Standalone mode is an experimental feature, please **DO NOT** use it in production.
+
+{{% /alert %}}
+
+Envoy Gateway also supports running in standalone mode. In this mode, Envoy Gateway
+does not need to rely on Kubernetes and can be deployed directly on bare metal or virtual machines.
+
+Currently, Envoy Gateway only support the file provider and the host infrastructure provider combinations.
+
+- The file provider will configure the Envoy Gateway to get all gateway-api resources from file system.
+- The host infrastructure provider will configure the Envoy Gateway to deploy one Envoy Proxy as a host process.
+
+## Quick Start
+
+In this quick-start, we will run Envoy Gateway in standalone mode with the file provider
+and the host infrastructure provider.
+
+### Prerequisites
+
+Create a local directory just for testing:
+
+```shell
+mkdir -p /tmp/envoy-gateway-test
+```
+
+Download the Envoy Gateway binary from v1.2.x release.
+
+### Create Certificates
+
+All runners in Envoy Gateway are using TLS connection, so create these TLS certificates locally to
+ensure the Envoy Gateway works properly.
+
+```shell
+envoy-gateway certgen --local
+```
+
+### Start Envoy Gateway
+
+Start Envoy Gateway by the following command:
+
+```shell
+envoy-gateway server --config-path standalone.yaml
+```
+
+with `standalone.yaml` configuration:
+
+```yaml
+apiVersion: gateway.envoyproxy.io/v1alpha1
+kind: EnvoyGateway
+gateway:
+ controllerName: gateway.envoyproxy.io/gatewayclass-controller
+provider:
+ type: Custom
+ custom:
+ resource:
+ type: File
+ file:
+ paths: ["/tmp/envoy-gateway-test"]
+ infrastructure:
+ type: Host
+ host: {}
+logging:
+ level:
+ default: info
+extensionApis:
+ enableBackend: true
+```
+
+As you can see, we have enabled the [Backend][] API, this API will be used to represent our local endpoints.
+
+### Trigger an Update
+
+Any changes under watched `paths` will be considered as an update by the file provider.
+
+For instance, copying example file into `/tmp/envoy-gateway-test/` will trigger an update of gateway-api resources:
+
+```shell
+cp examples/standalone/quickstart.yaml /tmp/envoy-gateway-test/quickstart.yaml
+```
+
+From the Envoy Gateway log, you should be able to observe that the Envoy Proxy has been started, and its admin address has been returned.
+
+### Test Connection
+
+Starts a simple local server as an endpoint:
+
+```shell
+python3 -m http.server 3000
+```
+
+Curl the example server through Envoy Proxy:
+
+```shell
+curl --verbose --header "Host: www.example.com" http://0.0.0.0:8888/
+```
+
+```console
+* Trying 0.0.0.0:8888...
+* Connected to 0.0.0.0 (127.0.0.1) port 8888 (#0)
+> GET / HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/7.81.0
+> Accept: */*
+>
+* Mark bundle as not supporting multiuse
+< HTTP/1.1 200 OK
+< server: SimpleHTTP/0.6 Python/3.10.12
+< date: Sat, 26 Oct 2024 13:20:34 GMT
+< content-type: text/html; charset=utf-8
+< content-length: 1870
+<
+...
+* Connection #0 to host 0.0.0.0 left intact
+```
+
+
+[Backend]: ../../../api/extension_types#backend
diff --git a/site/content/en/v1.2/tasks/security/oidc.md b/site/content/en/v1.2/tasks/security/oidc.md
index 45adc554a90..f6ad61f8aa1 100644
--- a/site/content/en/v1.2/tasks/security/oidc.md
+++ b/site/content/en/v1.2/tasks/security/oidc.md
@@ -85,7 +85,7 @@ kubectl get httproute/myapp -o yaml
## OIDC Authentication for a HTTPRoute
-OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with
+OIDC can be configured at the Gateway level to authenticate all the HTTPRoutes that are associated with the Gateway with
the same OIDC configuration, or at the HTTPRoute level to authenticate each HTTPRoute with different OIDC configurations.
This section demonstrates how to configure OIDC authentication for a specific HTTPRoute.
@@ -117,9 +117,9 @@ kubectl create secret generic my-app-client-secret --from-literal=client-secret=
### Create a SecurityPolicy
**Please notice that the `redirectURL` and `logoutPath` must match the target HTTPRoute.** In this example, the target
-HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed
-with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication
-will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed
+HTTPRoute is configured to match the host `www.example.com` and the path `/myapp`, so the `redirectURL` must be prefixed
+with `https://www.example.com:8443/myapp`, and `logoutPath` must be prefixed with`/myapp`, otherwise the OIDC authentication
+will fail because the redirect and logout requests will not match the target HTTPRoute and therefore can't be processed
by the OAuth2 filter on that HTTPRoute.
Note: please replace the ${CLIENT_ID} in the below yaml snippet with the actual Client ID that you got from the OIDC provider.
@@ -200,8 +200,8 @@ Put www.example.com in the /etc/hosts file in your test machine, so we can use t
127.0.0.1 www.example.com
```
-Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google
-login page. After you successfully login, you should see the response from the backend service.
+Open a browser and navigate to the `https://www.example.com:8443/myapp` address. You should be redirected to the Google
+login page. After you successfully login, you should see the response from the backend service.
Clean the cookies in the browser and try to access `https://www.example.com:8443/foo` address. You should be able to see
this page since the path `/foo` is not protected by the OIDC policy.
@@ -284,16 +284,18 @@ kubectl get httproute/foo -o yaml
### Create a SecurityPolicy
-Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL`
-and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has
-three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host
-`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes
+Create or update the SecurityPolicy to target the Gateway instead of the HTTPRoute. **Please notice that the `redirectURL`
+and `logoutPath` must match one of the HTTPRoutes associated with the Gateway.** In this example, the target Gateway has
+three HTTPRoutes associated with it, one with the host `www.example.com` and the path `/myapp`, one with the host
+`www.example.com` and the path `/`, and one with the host `foo.example.com` and the path `/`. Any of these HTTPRoutes
can be used to match the `redirectURL` and `logoutPath`.
By default, the access token and ID token cookies are set to the host of the request, excluding subdomains. To allow the
-token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains,
+token cookies to be shared across subdomains and prevent users from having to log in again when switching between subdomains,
the `cookieDomain` field needs to be set to the root domain. In this example, the root domain is `example.com`.
+Note: if a `cookieDomain` is added to an existing SecurityPolicy, the cookies in the browser must be cleared before sending a new request to the Gateway, otherwise the cookies with the old subdomain will take precedence and be sent to the Gateway, causing the OIDC authentication to fail.
+
{{< tabpane text=true >}}
{{% tab header="Apply from stdin" %}}
diff --git a/site/content/en/v1.2/tasks/traffic/response-override.md b/site/content/en/v1.2/tasks/traffic/response-override.md
new file mode 100644
index 00000000000..ea8121bfe89
--- /dev/null
+++ b/site/content/en/v1.2/tasks/traffic/response-override.md
@@ -0,0 +1,157 @@
+---
+title: "Response Override"
+---
+
+Response Override allows you to override the response from the backend with a custom one. This can be useful for scenarios such as returning a custom 404 page when the requested resource is not found or a custom 500 error message when the backend is failing.
+
+## Installation
+
+Follow the steps from the [Quickstart](../../quickstart) to install Envoy Gateway and the example manifest.
+Before proceeding, you should be able to query the example backend using HTTP.
+
+## Testing Response Override
+
+{{< tabpane text=true >}}
+{{% tab header="Apply from stdin" %}}
+
+```shell
+cat <}}
+
+```shell
+curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/404
+```
+
+```console
+* Trying 127.0.0.1:80...
+* Connected to 172.18.0.200 (172.18.0.200) port 80
+> GET /status/404 HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/8.5.0
+> Accept: */*
+>
+< HTTP/1.1 404 Not Found
+< content-type: text/plain
+< content-length: 32
+< date: Thu, 07 Nov 2024 09:22:29 GMT
+<
+* Connection #0 to host 172.18.0.200 left intact
+Oops! Your request is not found.
+```
+
+```shell
+curl --verbose --header "Host: www.example.com" http://$GATEWAY_HOST/status/500
+```
+
+```console
+* Trying 127.0.0.1:80...
+* Connected to 172.18.0.200 (172.18.0.200) port 80
+> GET /status/500 HTTP/1.1
+> Host: www.example.com
+> User-Agent: curl/8.5.0
+> Accept: */*
+>
+< HTTP/1.1 500 Internal Server Error
+< content-type: application/json
+< content-length: 34
+< date: Thu, 07 Nov 2024 09:23:02 GMT
+<
+* Connection #0 to host 172.18.0.200 left intact
+{"error": "Internal Server Error"}
+```
\ No newline at end of file
diff --git a/site/content/zh/latest/api/extension_types.md b/site/content/zh/latest/api/extension_types.md
index 009a01f3231..523525b17f0 100644
--- a/site/content/zh/latest/api/extension_types.md
+++ b/site/content/zh/latest/api/extension_types.md
@@ -52,11 +52,7 @@ ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink.
The service must implement the Envoy gRPC Access Log Service streaming API:
https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto
Access log format information is passed in the form of gRPC metadata when the
-stream is established. Specifically, the following metadata is passed:
-
-
-- `x-accesslog-text` - The access log format string when a Text format is used.
-- `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used.
+stream is established.
_Appears in:_
- [ProxyAccessLogSink](#proxyaccesslogsink)
@@ -300,6 +296,19 @@ _Appears in:_
+#### BackendConnection
+
+
+
+BackendConnection allows users to configure connection-level settings of backend
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `bufferLimit` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | BufferLimit Soft limit on size of the cluster’s connections read and write buffers.
BufferLimit applies to connection streaming (maybe non-streaming) channel between processes, it's in user space.
If unspecified, an implementation defined default is applied (32768 bytes).
For example, 20Mi, 1Gi, 256Ki etc.
Note: that when the suffix is not provided, the value is interpreted as bytes. |
#### BackendEndpoint
@@ -394,7 +403,7 @@ _Appears in:_
| `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 |
| `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 |
| `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. |
-| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
+| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
#### BackendTrafficPolicy
@@ -495,6 +504,7 @@ A CIDR can be an IPv4 address range such as "192.168.1.0/24" or an IPv6 address
_Appears in:_
- [Principal](#principal)
+- [XForwardedForSettings](#xforwardedforsettings)
@@ -517,6 +527,23 @@ _Appears in:_
| `allowCredentials` | _boolean_ | false | AllowCredentials indicates whether a request can include user credentials
like cookies, authentication headers, or TLS client certificates.
It specifies the value in the Access-Control-Allow-Credentials CORS response header. |
+#### CircuitBreaker
+
+
+
+CircuitBreaker defines the Circuit Breaker configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `maxConnections` | _integer_ | false | The maximum number of connections that Envoy will establish to the referenced backend defined within a xRoute rule. |
+| `maxPendingRequests` | _integer_ | false | The maximum number of pending requests that Envoy will queue to the referenced backend defined within a xRoute rule. |
+| `maxParallelRequests` | _integer_ | false | The maximum number of parallel requests that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxParallelRetries` | _integer_ | false | The maximum number of parallel retries that Envoy will make to the referenced backend defined within a xRoute rule. |
+| `maxRequestsPerConnection` | _integer_ | false | The maximum number of requests that Envoy will make over a single connection to the referenced backend defined within a xRoute rule.
Default: unlimited. |
#### ClaimToHeader
@@ -581,7 +608,7 @@ _Appears in:_
| `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 |
| `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 |
| `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. |
-| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
+| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
| `session` | _[Session](#session)_ | false | Session defines settings related to TLS session management. |
@@ -887,6 +914,20 @@ _Appears in:_
| `RequestHeader` | CustomTagTypeRequestHeader adds value from request header to each span.
|
+#### DNS
+
+
+
+
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `dnsRefreshRate` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | DNSRefreshRate specifies the rate at which DNS records should be refreshed.
Defaults to 30 seconds. |
+| `respectDnsTtl` | _boolean_ | true | RespectDNSTTL indicates whether the DNS Time-To-Live (TTL) should be respected.
If the value is set to true, the DNS refresh rate will be set to the resource record’s TTL.
Defaults to true. |
#### EnvironmentCustomTag
@@ -1801,6 +1842,23 @@ _Appears in:_
| `http10` | _[HTTP10Settings](#http10settings)_ | false | HTTP10 turns on support for HTTP/1.0 and HTTP/0.9 requests. |
+#### HTTP2Settings
+
+
+
+HTTP2Settings provides HTTP/2 configuration for listeners and backends.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `initialStreamWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialStreamWindowSize sets the initial window size for HTTP/2 streams.
If not set, the default value is 64 KiB(64*1024). |
+| `initialConnectionWindowSize` | _[Quantity](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#quantity-resource-api)_ | false | InitialConnectionWindowSize sets the initial window size for HTTP/2 connections.
If not set, the default value is 1 MiB. |
+| `maxConcurrentStreams` | _integer_ | false | MaxConcurrentStreams sets the maximum number of concurrent streams allowed per connection.
If not set, the default value is 100. |
+| `onInvalidMessage` | _[InvalidMessageAction](#invalidmessageaction)_ | false | OnInvalidMessage determines if Envoy will terminate the connection or just the offending stream in the event of HTTP messaging error
It's recommended for L2 Envoy deployments to set this value to TerminateStream.
https://www.envoyproxy.io/docs/envoy/latest/configuration/best_practices/level_two
Default: TerminateConnection |
#### HTTP3Settings
@@ -2044,6 +2102,21 @@ _Appears in:_
| `name` | _string_ | true | Name of the header to hash. |
+#### HeaderMatch
+
+
+
+HeaderMatch defines the match attributes within the HTTP Headers of the request.
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[HeaderMatchType](#headermatchtype)_ | false | Type specifies how to match against the value of the header. |
+| `name` | _string_ | true | Name of the HTTP header. |
+| `value` | _string_ | false | Value within the HTTP header. Due to the
case-insensitivity of header names, "foo" and "Foo" are considered equivalent.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
+| `invert` | _boolean_ | false | Invert specifies whether the value match result will be inverted.
Do not set this field when Type="Distinct", implying matching on any/all unique
values within the header. |
#### HeaderMatchType
@@ -2082,6 +2155,21 @@ _Appears in:_
| `earlyRequestHeaders` | _[HTTPHeaderFilter](#httpheaderfilter)_ | false | EarlyRequestHeaders defines settings for early request header modification, before envoy performs
routing, tracing and built-in header manipulation. |
+#### HealthCheck
+
+
+
+HealthCheck configuration to decide which endpoints
+are healthy and can be used for routing.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `active` | _[ActiveHealthCheck](#activehealthcheck)_ | false | Active health check configuration |
+| `passive` | _[PassiveHealthCheck](#passivehealthcheck)_ | false | Passive passive check configuration |
#### HealthCheckSettings
@@ -2577,6 +2665,21 @@ _Appears in:_
| `value` | _string_ | true | Value defines the hard-coded value to add to each span. |
+#### LoadBalancer
+
+
+
+LoadBalancer defines the load balancer policy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[LoadBalancerType](#loadbalancertype)_ | true | Type decides the type of Load Balancer policy.
Valid LoadBalancerType values are
"ConsistentHash",
"LeastRequest",
"Random",
"RoundRobin". |
+| `consistentHash` | _[ConsistentHash](#consistenthash)_ | false | ConsistentHash defines the configuration when the load balancer type is
set to ConsistentHash |
+| `slowStart` | _[SlowStart](#slowstart)_ | false | SlowStart defines the configuration related to the slow start load balancer policy.
If set, during slow start window, traffic sent to the newly added hosts will gradually increase.
Currently this is only supported for RoundRobin and LeastRequest load balancers |
#### LoadBalancerType
@@ -2628,6 +2731,19 @@ _Appears in:_
| `error` | LogLevelError defines the "Error" logging level.
|
+#### MergeType
+
+_Underlying type:_ _string_
+
+MergeType defines the type of merge operation
+
+_Appears in:_
+- [KubernetesPatchSpec](#kubernetespatchspec)
+
+| Value | Description |
+| ----- | ----------- |
+| `StrategicMerge` | StrategicMerge indicates a strategic merge patch type
|
+| `JSONMerge` | JSONMerge indicates a JSON merge patch type
|
#### MetricSinkType
@@ -2848,6 +2964,7 @@ _Appears in:_
| Field | Type | Required | Description |
| --- | --- | --- | --- |
| `clientCIDRs` | _[CIDR](#cidr) array_ | false | ClientCIDRs are the IP CIDR ranges of the client.
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
If multiple CIDR ranges are specified, one of the CIDR ranges must match
the client IP for the rule to match.
The client IP is inferred from the X-Forwarded-For header, a custom header,
or the proxy protocol.
You can use the `ClientIPDetection` or the `EnableProxyProtocol` field in
the `ClientTrafficPolicy` to configure how the client IP is detected. |
+| `jwt` | _[JWTPrincipal](#jwtprincipal)_ | false | JWT authorize the request based on the JWT claims and scopes.
Note: in order to use JWT claims for authorization, you must configure the
JWT authentication in the same `SecurityPolicy`. |
#### ProcessingModeOptions
@@ -3113,6 +3230,20 @@ _Appears in:_
| `compression` | _[Compression](#compression)_ | false | Configure the compression on Prometheus endpoint. Compression is useful in situations when bandwidth is scarce and large payloads can be effectively compressed at the expense of higher CPU load. |
+#### ProxyProtocol
+
+
+
+ProxyProtocol defines the configuration related to the proxy protocol
+when communicating with the backend.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `version` | _[ProxyProtocolVersion](#proxyprotocolversion)_ | true | Version of ProxyProtol
Valid ProxyProtocolVersion values are
"V1"
"V2" |
#### ProxyProtocolVersion
@@ -3350,6 +3481,15 @@ _Appears in:_
| `url` | _string_ | true | URL is the endpoint of the trace collector that supports the OTLP protocol |
+#### RateLimitTracingProviderType
+
+_Underlying type:_ _string_
+
+
+
+_Appears in:_
+- [RateLimitTracingProvider](#ratelimittracingprovider)
+
#### RateLimitType
@@ -3503,6 +3643,21 @@ _Appears in:_
| `ValueRef` | ResponseValueTypeValueRef defines the "ValueRef" response body type.
|
+#### Retry
+
+
+
+Retry defines the retry strategy to be applied.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `numRetries` | _integer_ | false | NumRetries is the number of retries to be attempted. Defaults to 2. |
+| `retryOn` | _[RetryOn](#retryon)_ | false | RetryOn specifies the retry trigger condition.
If not specified, the default is to retry on connect-failure,refused-stream,unavailable,cancelled,retriable-status-codes(503). |
+| `perRetry` | _[PerRetryPolicy](#perretrypolicy)_ | false | PerRetry is the retry policy to be applied per retry attempt. |
#### RetryOn
@@ -3680,6 +3835,19 @@ _Appears in:_
| `window` | _[Duration](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#duration-v1-meta)_ | true | Window defines the duration of the warm up period for newly added host.
During slow start window, traffic sent to the newly added hosts will gradually increase.
Currently only supports linear growth of traffic. For additional details,
see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#config-cluster-v3-cluster-slowstartconfig |
+#### SourceMatch
+
+
+
+
+
+_Appears in:_
+- [RateLimitSelectCondition](#ratelimitselectcondition)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `type` | _[SourceMatchType](#sourcematchtype)_ | false | |
+| `value` | _string_ | true | Value is the IP CIDR that represents the range of Source IP Addresses of the client.
These could also be the intermediate addresses through which the request has flown through and is part of the `X-Forwarded-For` header.
For example, `192.168.0.1/32`, `192.168.0.0/24`, `001:db8::/64`. |
#### SourceMatchType
@@ -3838,6 +4006,22 @@ _Appears in:_
| `idleTimeout` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | IdleTimeout for a TCP connection. Idle time is defined as a period in which there are no
bytes sent or received on either the upstream or downstream connection.
Default: 1 hour. |
+#### TCPKeepalive
+
+
+
+TCPKeepalive define the TCP Keepalive configuration.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClientTrafficPolicySpec](#clienttrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `probes` | _integer_ | false | The total number of unacknowledged probes to send before deciding
the connection is dead.
Defaults to 9. |
+| `idleTime` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration a connection needs to be idle before keep-alive
probes start being sent.
The duration format is
Defaults to `7200s`. |
+| `interval` | _[Duration](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.Duration)_ | false | The duration between keep-alive probes.
Defaults to `75s`. |
#### TCPTimeout
@@ -3871,7 +4055,7 @@ _Appears in:_
| `ciphers` | _string array_ | false | Ciphers specifies the set of cipher suites supported when
negotiating TLS 1.0 - 1.2. This setting has no effect for TLS 1.3.
In non-FIPS Envoy Proxy builds the default cipher list is:
- [ECDHE-ECDSA-AES128-GCM-SHA256\|ECDHE-ECDSA-CHACHA20-POLY1305]
- [ECDHE-RSA-AES128-GCM-SHA256\|ECDHE-RSA-CHACHA20-POLY1305]
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
In builds using BoringSSL FIPS the default cipher list is:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384 |
| `ecdhCurves` | _string array_ | false | ECDHCurves specifies the set of supported ECDH curves.
In non-FIPS Envoy Proxy builds the default curves are:
- X25519
- P-256
In builds using BoringSSL FIPS the default curve is:
- P-256 |
| `signatureAlgorithms` | _string array_ | false | SignatureAlgorithms specifies which signature algorithms the listener should
support. |
-| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener. By default h2 and http/1.1 are enabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
+| `alpnProtocols` | _[ALPNProtocol](#alpnprotocol) array_ | false | ALPNProtocols supplies the list of ALPN protocols that should be
exposed by the listener or used by the proxy to connect to the backend.
Defaults:
1. HTTPS Routes: h2 and http/1.1 are enabled in listener context.
2. Other Routes: ALPN is disabled.
3. Backends: proxy uses the appropriate ALPN options for the backend protocol.
When an empty list is provided, the ALPN TLS extension is disabled.
Supported values are:
- http/1.0
- http/1.1
- h2 |
#### TLSVersion
@@ -3914,6 +4098,20 @@ _Appears in:_
| `matchLabels` | _object (keys:string, values:string)_ | true | MatchLabels are the set of label selectors for identifying the targeted resource |
+#### Timeout
+
+
+
+Timeout defines configuration for timeouts related to connections.
+
+_Appears in:_
+- [BackendTrafficPolicySpec](#backendtrafficpolicyspec)
+- [ClusterSettings](#clustersettings)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `tcp` | _[TCPTimeout](#tcptimeout)_ | false | Timeout settings for TCP. |
+| `http` | _[HTTPTimeout](#httptimeout)_ | false | Timeout settings for HTTP. |
#### TracingProvider
@@ -4014,6 +4212,7 @@ _Appears in:_
| `code` | _[WasmCodeSource](#wasmcodesource)_ | true | Code is the Wasm code for the extension. |
| `config` | _[JSON](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#json-v1-apiextensions-k8s-io)_ | false | Config is the configuration for the Wasm extension.
This configuration will be passed as a JSON string to the Wasm extension. |
| `failOpen` | _boolean_ | false | FailOpen is a switch used to control the behavior when a fatal error occurs
during the initialization or the execution of the Wasm extension.
If FailOpen is set to true, the system bypasses the Wasm extension and
allows the traffic to pass through. Otherwise, if it is set to false or
not set (defaulting to false), the system blocks the traffic and returns
an HTTP 5xx error. |
+| `env` | _[WasmEnv](#wasmenv)_ | false | Env configures the environment for the Wasm extension |
#### WasmCodeSource
@@ -4048,6 +4247,20 @@ _Appears in:_
| `Image` | ImageWasmCodeSourceType allows the user to specify the Wasm code in an OCI image.
|
+#### WasmEnv
+
+
+
+WasmEnv defines the environment variables for the VM of a Wasm extension
+
+_Appears in:_
+- [Wasm](#wasm)
+
+| Field | Type | Required | Description |
+| --- | --- | --- | --- |
+| `hostKeys` | _string array_ | false | HostKeys is a list of keys for environment variables from the host envoy process
that should be passed into the Wasm VM. This is useful for passing secrets to to Wasm extensions. |
+
+
#### WithUnderscoresAction
_Underlying type:_ _string_
@@ -4154,13 +4367,15 @@ _Appears in:_
XForwardedForSettings provides configuration for using X-Forwarded-For headers for determining the client IP address.
+Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
+for more details.
_Appears in:_
- [ClientIPDetectionSettings](#clientipdetectionsettings)
| Field | Type | Required | Description |
| --- | --- | --- | --- |
-| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Refer to https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-for
for more details. |
+| `numTrustedHops` | _integer_ | false | NumTrustedHops controls the number of additional ingress proxy hops from the right side of XFF HTTP
headers to trust when determining the origin client's IP address.
Only one of NumTrustedHops and TrustedCIDRs must be set. |
#### ZipkinTracingProvider
diff --git a/test/cel-validation/clienttrafficpolicy_test.go b/test/cel-validation/clienttrafficpolicy_test.go
index 3558d1848f9..942afea1646 100644
--- a/test/cel-validation/clienttrafficpolicy_test.go
+++ b/test/cel-validation/clienttrafficpolicy_test.go
@@ -221,6 +221,89 @@ func TestClientTrafficPolicyTarget(t *testing.T) {
"spec.clientIPDetection: Invalid value: \"object\": customHeader cannot be used in conjunction with xForwardedFor",
},
},
+ {
+ desc: "clientIPDetection numTrustedHops and trustedCIDRs",
+ mutate: func(ctp *egv1a1.ClientTrafficPolicy) {
+ ctp.Spec = egv1a1.ClientTrafficPolicySpec{
+ PolicyTargetReferences: egv1a1.PolicyTargetReferences{
+ TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
+ LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
+ Group: gwapiv1a2.Group("gateway.networking.k8s.io"),
+ Kind: gwapiv1a2.Kind("Gateway"),
+ Name: gwapiv1a2.ObjectName("eg"),
+ },
+ },
+ },
+ ClientIPDetection: &egv1a1.ClientIPDetectionSettings{
+ XForwardedFor: &egv1a1.XForwardedForSettings{
+ NumTrustedHops: ptr.To(uint32(1)),
+ TrustedCIDRs: []egv1a1.CIDR{
+ "192.168.1.0/24",
+ "10.0.0.0/16",
+ "172.16.0.0/12",
+ },
+ },
+ },
+ }
+ },
+ wantErrors: []string{
+ "spec.clientIPDetection.xForwardedFor: Invalid value: \"object\": only one of numTrustedHops or trustedCIDRs must be set",
+ },
+ },
+ {
+ desc: "clientIPDetection invalid trustedCIDRs",
+ mutate: func(ctp *egv1a1.ClientTrafficPolicy) {
+ ctp.Spec = egv1a1.ClientTrafficPolicySpec{
+ PolicyTargetReferences: egv1a1.PolicyTargetReferences{
+ TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
+ LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
+ Group: gwapiv1a2.Group("gateway.networking.k8s.io"),
+ Kind: gwapiv1a2.Kind("Gateway"),
+ Name: gwapiv1a2.ObjectName("eg"),
+ },
+ },
+ },
+ ClientIPDetection: &egv1a1.ClientIPDetectionSettings{
+ XForwardedFor: &egv1a1.XForwardedForSettings{
+ TrustedCIDRs: []egv1a1.CIDR{
+ "192.0124.1.0/24",
+ "10.0.0.0/1645",
+ "17212.16.0.0/123",
+ },
+ },
+ },
+ }
+ },
+ wantErrors: []string{
+ "spec.clientIPDetection.xForwardedFor.trustedCIDRs[0]: Invalid value: \"192.0124.1.0/24\": spec.clientIPDetection.xForwardedFor.trustedCIDRs[0] in body should match '((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\/([0-9]+))|((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))\\/([0-9]+))'",
+ },
+ },
+ {
+ desc: "clientIPDetection valid trustedCIDRs",
+ mutate: func(ctp *egv1a1.ClientTrafficPolicy) {
+ ctp.Spec = egv1a1.ClientTrafficPolicySpec{
+ PolicyTargetReferences: egv1a1.PolicyTargetReferences{
+ TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
+ LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
+ Group: gwapiv1a2.Group("gateway.networking.k8s.io"),
+ Kind: gwapiv1a2.Kind("Gateway"),
+ Name: gwapiv1a2.ObjectName("eg"),
+ },
+ },
+ },
+ ClientIPDetection: &egv1a1.ClientIPDetectionSettings{
+ XForwardedFor: &egv1a1.XForwardedForSettings{
+ TrustedCIDRs: []egv1a1.CIDR{
+ "192.168.1.0/24",
+ "10.0.0.0/16",
+ "172.16.0.0/12",
+ },
+ },
+ },
+ }
+ },
+ wantErrors: []string{},
+ },
{
desc: "http3 enabled and ALPN protocols not set with other TLS parameters set",
mutate: func(ctp *egv1a1.ClientTrafficPolicy) {
diff --git a/test/cel-validation/securitypolicy_test.go b/test/cel-validation/securitypolicy_test.go
index f00ee84260c..033726f2b56 100644
--- a/test/cel-validation/securitypolicy_test.go
+++ b/test/cel-validation/securitypolicy_test.go
@@ -566,6 +566,26 @@ func TestSecurityPolicyTarget(t *testing.T) {
},
wantErrors: []string{},
},
+ {
+ desc: "empty HTTP external auth service",
+ mutate: func(sp *egv1a1.SecurityPolicy) {
+ sp.Spec = egv1a1.SecurityPolicySpec{
+ ExtAuth: &egv1a1.ExtAuth{
+ HTTP: &egv1a1.HTTPExtAuthService{},
+ },
+ PolicyTargetReferences: egv1a1.PolicyTargetReferences{
+ TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
+ LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
+ Group: "gateway.networking.k8s.io",
+ Kind: "Gateway",
+ Name: "eg",
+ },
+ },
+ },
+ }
+ },
+ wantErrors: []string{" backendRef or backendRefs needs to be set"},
+ },
{
desc: "no extAuth",
mutate: func(sp *egv1a1.SecurityPolicy) {
@@ -657,36 +677,6 @@ func TestSecurityPolicyTarget(t *testing.T) {
" BackendRefs only supports Core and gateway.envoyproxy.io group.",
},
},
- {
- desc: "http extAuth service invalid Kind",
- mutate: func(sp *egv1a1.SecurityPolicy) {
- sp.Spec = egv1a1.SecurityPolicySpec{
- ExtAuth: &egv1a1.ExtAuth{
- HTTP: &egv1a1.HTTPExtAuthService{
- BackendCluster: egv1a1.BackendCluster{
- BackendRef: &gwapiv1.BackendObjectReference{
- Kind: ptr.To(gwapiv1.Kind("unsupported")),
- Name: "http-auth-service",
- Port: ptr.To(gwapiv1.PortNumber(15001)),
- },
- },
- },
- },
- PolicyTargetReferences: egv1a1.PolicyTargetReferences{
- TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
- LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
- Group: "gateway.networking.k8s.io",
- Kind: "Gateway",
- Name: "eg",
- },
- },
- },
- }
- },
- wantErrors: []string{
- "BackendRefs must be used, backendRef is not supported.",
- },
- },
{
desc: "http extAuth service backendRefs invalid Kind",
mutate: func(sp *egv1a1.SecurityPolicy) {
@@ -753,36 +743,6 @@ func TestSecurityPolicyTarget(t *testing.T) {
"BackendRefs only supports Core and gateway.envoyproxy.io group.",
},
},
- {
- desc: "grpc extAuth service invalid Kind",
- mutate: func(sp *egv1a1.SecurityPolicy) {
- sp.Spec = egv1a1.SecurityPolicySpec{
- ExtAuth: &egv1a1.ExtAuth{
- GRPC: &egv1a1.GRPCExtAuthService{
- BackendCluster: egv1a1.BackendCluster{
- BackendRef: &gwapiv1.BackendObjectReference{
- Kind: ptr.To(gwapiv1.Kind("unsupported")),
- Name: "http-auth-service",
- Port: ptr.To(gwapiv1.PortNumber(15001)),
- },
- },
- },
- },
- PolicyTargetReferences: egv1a1.PolicyTargetReferences{
- TargetRef: &gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
- LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
- Group: "gateway.networking.k8s.io",
- Kind: "Gateway",
- Name: "eg",
- },
- },
- },
- }
- },
- wantErrors: []string{
- "BackendRefs must be used, backendRef is not supported.",
- },
- },
{
desc: "grpc extAuth service backendRefs invalid Kind",
mutate: func(sp *egv1a1.SecurityPolicy) {
diff --git a/test/e2e/base/manifests.yaml b/test/e2e/base/manifests.yaml
index c7390d6d70d..34ccc08390a 100644
--- a/test/e2e/base/manifests.yaml
+++ b/test/e2e/base/manifests.yaml
@@ -567,3 +567,38 @@ spec:
protocol: TCP
port: 19001
targetPort: 19001
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: static-file-server
+ namespace: gateway-conformance-infra
+spec:
+ selector:
+ app: static-file-server
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: 8080
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: static-file-server
+ namespace: gateway-conformance-infra
+ labels:
+ app: static-file-server
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: static-file-server
+ template:
+ metadata:
+ labels:
+ app: static-file-server
+ spec:
+ containers:
+ - name: static-file-server
+ image: envoyproxy/gateway-static-file-server
+ imagePullPolicy: IfNotPresent
diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go
index 7267bbd2d75..8e980152e3d 100644
--- a/test/e2e/e2e_test.go
+++ b/test/e2e/e2e_test.go
@@ -39,6 +39,18 @@ func TestE2E(t *testing.T) {
*flags.GatewayClassName, *flags.CleanupBaseResources, *flags.ShowDebug)
}
+ skipTests := []string{
+ tests.GatewayInfraResourceTest.ShortName, // https://github.com/envoyproxy/gateway/issues/3191
+ }
+
+ // Skip test only work on DualStack cluster
+ if tests.IPFamily != "dual" {
+ skipTests = append(skipTests,
+ tests.BackendDualStackTest.ShortName,
+ tests.HTTPRouteDualStackTest.ShortName,
+ )
+ }
+
cSuite, err := suite.NewConformanceTestSuite(suite.ConformanceOptions{
Client: c,
RestConfig: cfg,
@@ -50,9 +62,7 @@ func TestE2E(t *testing.T) {
// SupportedFeatures cannot be empty, so we set it to SupportGateway
// All e2e tests should leave Features empty.
SupportedFeatures: sets.New[features.FeatureName](features.SupportGateway),
- SkipTests: []string{
- tests.GatewayInfraResourceTest.ShortName, // https://github.com/envoyproxy/gateway/issues/3191
- },
+ SkipTests: skipTests,
AllowCRDsMismatch: *flags.AllowCRDsMismatch,
})
if err != nil {
diff --git a/test/e2e/testdata/authorization-jwt.yaml b/test/e2e/testdata/authorization-jwt.yaml
index 5d3e31ea12e..0c1b5e27c66 100644
--- a/test/e2e/testdata/authorization-jwt.yaml
+++ b/test/e2e/testdata/authorization-jwt.yaml
@@ -64,7 +64,7 @@ spec:
- name: example
issuer: https://foo.bar.com
remoteJWKS:
- uri: https://raw.githubusercontent.com/envoyproxy/gateway/refs/heads/main/examples/kubernetes/jwt/jwks.json
+ uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json
authorization:
defaultAction: Deny
rules:
@@ -97,7 +97,7 @@ spec:
- name: example
issuer: https://foo.bar.com
remoteJWKS:
- uri: https://raw.githubusercontent.com/envoyproxy/gateway/refs/heads/main/examples/kubernetes/jwt/jwks.json
+ uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json
authorization:
defaultAction: Deny
rules:
@@ -123,7 +123,7 @@ spec:
- name: example
issuer: https://foo.bar.com
remoteJWKS:
- uri: https://raw.githubusercontent.com/envoyproxy/gateway/refs/heads/main/examples/kubernetes/jwt/jwks.json
+ uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json
authorization:
defaultAction: Deny
rules:
diff --git a/test/e2e/testdata/ext-auth-http-securitypolicy.yaml b/test/e2e/testdata/ext-auth-http-securitypolicy.yaml
index c6a1e73c6a6..f79bbaf8745 100644
--- a/test/e2e/testdata/ext-auth-http-securitypolicy.yaml
+++ b/test/e2e/testdata/ext-auth-http-securitypolicy.yaml
@@ -47,8 +47,8 @@ spec:
name: http-with-ext-auth
extAuth:
http:
- backendRefs:
- - name: http-ext-auth
+ backendRef:
+ name: http-ext-auth
namespace: gateway-conformance-infra
port: 9002
headersToBackend: ["x-current-user"]
diff --git a/test/e2e/testdata/httproute-to-backend-ip.yaml b/test/e2e/testdata/httproute-to-backend-ip.yaml
index de1116d3f8e..599cbd3b332 100644
--- a/test/e2e/testdata/httproute-to-backend-ip.yaml
+++ b/test/e2e/testdata/httproute-to-backend-ip.yaml
@@ -6,7 +6,6 @@ metadata:
spec:
selector:
app: infra-backend-v1
- clusterIP: 10.96.96.96
ports:
- protocol: TCP
port: 8080
@@ -34,14 +33,3 @@ spec:
- group: gateway.envoyproxy.io
kind: Backend
name: backend-ip
----
-apiVersion: gateway.envoyproxy.io/v1alpha1
-kind: Backend
-metadata:
- name: backend-ip
- namespace: gateway-conformance-infra
-spec:
- endpoints:
- - ip:
- address: 10.96.96.96
- port: 8080
diff --git a/test/e2e/testdata/jwt-optional.yaml b/test/e2e/testdata/jwt-optional.yaml
index d5ca319fa03..1a6d2e01c5c 100644
--- a/test/e2e/testdata/jwt-optional.yaml
+++ b/test/e2e/testdata/jwt-optional.yaml
@@ -19,7 +19,7 @@ spec:
- claim: name
header: x-name
remoteJWKS:
- uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
+ uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json
optional: true
---
apiVersion: gateway.networking.k8s.io/v1
diff --git a/test/e2e/testdata/jwt.yaml b/test/e2e/testdata/jwt.yaml
index 01cb370651d..32b1d96dcc0 100644
--- a/test/e2e/testdata/jwt.yaml
+++ b/test/e2e/testdata/jwt.yaml
@@ -20,7 +20,7 @@ spec:
- claim: name
header: x-name
remoteJWKS:
- uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
+ uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json
---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
diff --git a/test/e2e/testdata/ratelimit-based-jwt-claims.yaml b/test/e2e/testdata/ratelimit-based-jwt-claims.yaml
index 2d01996c981..7c72421fed9 100644
--- a/test/e2e/testdata/ratelimit-based-jwt-claims.yaml
+++ b/test/e2e/testdata/ratelimit-based-jwt-claims.yaml
@@ -12,7 +12,7 @@ spec:
providers:
- name: example
remoteJWKS:
- uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
+ uri: http://static-file-server.gateway-conformance-infra/jwt/jwks.json
claimToHeaders:
- claim: name
header: x-claim-name
diff --git a/test/e2e/testdata/tlsroute-to-backend-ip.yaml b/test/e2e/testdata/tlsroute-to-backend-ip.yaml
index 7206078e2b5..49a39d61f3f 100644
--- a/test/e2e/testdata/tlsroute-to-backend-ip.yaml
+++ b/test/e2e/testdata/tlsroute-to-backend-ip.yaml
@@ -13,18 +13,7 @@ spec:
- backendRefs:
- group: gateway.envoyproxy.io
kind: Backend
- name: backend-ip
----
-apiVersion: gateway.envoyproxy.io/v1alpha1
-kind: Backend
-metadata:
- name: backend-ip
- namespace: gateway-conformance-infra
-spec:
- endpoints:
- - ip:
- address: 10.96.96.96
- port: 443
+ name: backend-tls-ip
---
apiVersion: v1
kind: Service
@@ -34,7 +23,6 @@ metadata:
spec:
selector:
app: tls-backend-2
- clusterIP: 10.96.96.96
ports:
- protocol: TCP
port: 443
diff --git a/test/e2e/testdata/wasm-http.yaml b/test/e2e/testdata/wasm-http.yaml
index 856d381a517..080fa3e4976 100644
--- a/test/e2e/testdata/wasm-http.yaml
+++ b/test/e2e/testdata/wasm-http.yaml
@@ -69,7 +69,7 @@ spec:
code:
type: HTTP
http:
- url: https://raw.githubusercontent.com/envoyproxy/examples/main/wasm-cc/lib/envoy_filter_http_wasm_example.wasm
+ url: http://static-file-server.gateway-conformance-infra/wasm/envoy_filter_http_wasm_example.wasm
sha256: 79c9f85128bb0177b6511afa85d587224efded376ac0ef76df56595f1e6315c0
---
apiVersion: gateway.envoyproxy.io/v1alpha1
@@ -88,4 +88,4 @@ spec:
code:
type: HTTP
http:
- url: https://raw.githubusercontent.com/envoyproxy/examples/main/wasm-cc/lib/envoy_filter_http_wasm_example.wasm
+ url: http://static-file-server.gateway-conformance-infra/wasm/envoy_filter_http_wasm_example.wasm
diff --git a/test/e2e/tests/backend_dualstack.go b/test/e2e/tests/backend_dualstack.go
index c7db450824e..63d23f69341 100644
--- a/test/e2e/tests/backend_dualstack.go
+++ b/test/e2e/tests/backend_dualstack.go
@@ -9,7 +9,6 @@
package tests
import (
- "os"
"testing"
"k8s.io/apimachinery/pkg/types"
@@ -20,11 +19,7 @@ import (
// If the environment is not dual, the IPv6 manifest cannot be applied, so the test will be skipped.
func init() {
- if os.Getenv("IP_FAMILY") == "dual" {
- ConformanceTests = append(ConformanceTests, BackendDualStackTest)
- } else {
- ConformanceTests = append(ConformanceTests, SkipBackendDualStackTest)
- }
+ ConformanceTests = append(ConformanceTests, BackendDualStackTest)
}
var BackendDualStackTest = suite.ConformanceTest{
@@ -63,11 +58,3 @@ func runBackendDualStackTest(t *testing.T, suite *suite.ConformanceTestSuite, ns
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
}
-
-var SkipBackendDualStackTest = suite.ConformanceTest{
- ShortName: "BackendDualStack",
- Description: "Skipping BackendDualStack test as IP_FAMILY is not dual",
- Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
- t.Skip("Skipping BackendDualStack test as IP_FAMILY is not dual")
- },
-}
diff --git a/test/e2e/tests/eg_upgrade.go b/test/e2e/tests/eg_upgrade.go
index 721b22d4c9c..75bd3fb2a42 100644
--- a/test/e2e/tests/eg_upgrade.go
+++ b/test/e2e/tests/eg_upgrade.go
@@ -52,7 +52,7 @@ var EGUpgradeTest = suite.ConformanceTest{
chartPath := "../../../charts/gateway-helm"
relName := "eg"
depNS := "envoy-gateway-system"
- lastVersionTag := "v1.1.2" // Default version tag if not specified
+ lastVersionTag := "v1.2.1" // the latest prior release
t.Logf("Upgrading from version: %s", lastVersionTag)
diff --git a/test/e2e/tests/envoy_shutdown.go b/test/e2e/tests/envoy_shutdown.go
index 24e6b334637..14a223ddef5 100644
--- a/test/e2e/tests/envoy_shutdown.go
+++ b/test/e2e/tests/envoy_shutdown.go
@@ -51,6 +51,9 @@ var EnvoyShutdownTest = suite.ConformanceTest{
t.Errorf("Failed to get proxy deployment")
}
+ // Wait for the grpc ext auth service pod to be ready
+ WaitForPods(t, suite.Client, "envoy-gateway-system", map[string]string{"gateway.envoyproxy.io/owning-gateway-name": name}, corev1.PodRunning, PodReady)
+
// wait for route to be programmed on envoy
expectedResponse := http.ExpectedResponse{
Request: http.Request{
@@ -79,7 +82,7 @@ var EnvoyShutdownTest = suite.ConformanceTest{
aborter.Abort(false) // abort the load either way
if err != nil {
- t.Errorf("Failed to rollout proxy deployment")
+ t.Errorf("Failed to rollout proxy deployment: %v", err)
}
// Wait for the goroutine to finish
@@ -141,7 +144,8 @@ func restartProxyAndWaitForRollout(t *testing.T, timeoutConfig config.TimeoutCon
return err
}
- return wait.PollUntilContextTimeout(ctx, 1*time.Second, timeoutConfig.CreateTimeout, true, func(ctx context.Context) (bool, error) {
+ // increase timeout for IPv6 first cluster
+ return wait.PollUntilContextTimeout(ctx, 2*time.Second, 2*timeoutConfig.CreateTimeout, true, func(ctx context.Context) (bool, error) {
// wait for replicaset with the same annotation to reach ready status
podList := &corev1.PodList{}
listOpts := []client.ListOption{
diff --git a/test/e2e/tests/gatewayt-with-envoyproxy.go b/test/e2e/tests/gatewayt-with-envoyproxy.go
index ec9f7252a5e..e3100105f71 100644
--- a/test/e2e/tests/gatewayt-with-envoyproxy.go
+++ b/test/e2e/tests/gatewayt-with-envoyproxy.go
@@ -9,6 +9,7 @@ package tests
import (
"context"
+ "net"
"testing"
"github.com/stretchr/testify/require"
@@ -47,7 +48,7 @@ var GatewayWithEnvoyProxy = suite.ConformanceTest{
// Verify that the RouteType is set to Service by the attached EnvoyProxy
Headers: map[string]string{
- "upstream-host": svc.Spec.ClusterIP + ":8080",
+ "upstream-host": net.JoinHostPort(svc.Spec.ClusterIP, "8080"),
},
},
Namespace: ns,
diff --git a/test/e2e/tests/httproute_dualstack.go b/test/e2e/tests/httproute_dualstack.go
index 0e969577870..b01fc392a12 100644
--- a/test/e2e/tests/httproute_dualstack.go
+++ b/test/e2e/tests/httproute_dualstack.go
@@ -9,7 +9,6 @@
package tests
import (
- "os"
"testing"
"k8s.io/apimachinery/pkg/types"
@@ -18,13 +17,8 @@ import (
"sigs.k8s.io/gateway-api/conformance/utils/suite"
)
-// If the environment is not dual, the IPv6 manifest cannot be applied, so the test will be skipped.
func init() {
- if os.Getenv("IP_FAMILY") == "dual" {
- ConformanceTests = append(ConformanceTests, HTTPRouteDualStackTest)
- } else {
- ConformanceTests = append(ConformanceTests, SkipHTTPRouteDualStackTest)
- }
+ ConformanceTests = append(ConformanceTests, HTTPRouteDualStackTest)
}
var HTTPRouteDualStackTest = suite.ConformanceTest{
@@ -63,11 +57,3 @@ func runHTTPRouteTest(t *testing.T, suite *suite.ConformanceTestSuite, ns string
http.MakeRequestAndExpectEventuallyConsistentResponse(t, suite.RoundTripper, suite.TimeoutConfig, gwAddr, expectedResponse)
}
-
-var SkipHTTPRouteDualStackTest = suite.ConformanceTest{
- ShortName: "HTTPRouteDualStack",
- Description: "Skipping HTTPRouteDualStack test as IP_FAMILY is not dual",
- Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
- t.Skip("Skipping HTTPRouteDualStack test as IP_FAMILY is not dual")
- },
-}
diff --git a/test/e2e/tests/httproute_with_backend.go b/test/e2e/tests/httproute_with_backend.go
index 7401e17c2f0..0bd7cc1ead1 100644
--- a/test/e2e/tests/httproute_with_backend.go
+++ b/test/e2e/tests/httproute_with_backend.go
@@ -21,7 +21,7 @@ func init() {
}
var EnvoyGatewayBackendTest = suite.ConformanceTest{
- ShortName: "EnvoyGatewayBackendTest",
+ ShortName: "EnvoyGatewayBackend",
Description: "Routes with a backend ref to a backend",
Manifests: []string{
"testdata/httproute-to-backend-fqdn.yaml",
@@ -51,11 +51,31 @@ var EnvoyGatewayBackendTest = suite.ConformanceTest{
})
t.Run("of type IP", func(t *testing.T) {
+ svcNN := types.NamespacedName{
+ Name: "infra-backend-v1-clusterip",
+ Namespace: "gateway-conformance-infra",
+ }
+ svc, err := GetService(suite.Client, svcNN)
+ if err != nil {
+ t.Fatalf("failed to get service %s: %v", svcNN, err)
+ }
+
+ backendIPName := "backend-ip"
ns := "gateway-conformance-infra"
+ err = CreateBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}, svc.Spec.ClusterIP, 8080)
+ if err != nil {
+ t.Fatalf("failed to create backend %s: %v", backendIPName, err)
+ }
+ t.Cleanup(func() {
+ if err := DeleteBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}); err != nil {
+ t.Fatalf("failed to delete backend %s: %v", backendIPName, err)
+ }
+ })
+
routeNN := types.NamespacedName{Name: "httproute-to-backend-ip", Namespace: ns}
gwNN := types.NamespacedName{Name: "same-namespace", Namespace: ns}
gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
- BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: "backend-ip", Namespace: ns})
+ BackendMustBeAccepted(t, suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns})
expectedResponse := http.ExpectedResponse{
Request: http.Request{
diff --git a/test/e2e/tests/ratelimit.go b/test/e2e/tests/ratelimit.go
index 17ce6d245cf..799b6bbece0 100644
--- a/test/e2e/tests/ratelimit.go
+++ b/test/e2e/tests/ratelimit.go
@@ -37,6 +37,10 @@ var RateLimitCIDRMatchTest = suite.ConformanceTest{
Description: "Limit all requests that match CIDR",
Manifests: []string{"testdata/ratelimit-cidr-match.yaml"},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+ if IPFamily == "ipv6" {
+ t.Skip("Skipping test as IP_FAMILY is IPv6")
+ }
+
t.Run("block all ips", func(t *testing.T) {
ns := "gateway-conformance-infra"
routeNN := types.NamespacedName{Name: "cidr-ratelimit", Namespace: ns}
@@ -484,6 +488,10 @@ var RateLimitMultipleListenersTest = suite.ConformanceTest{
Description: "Limit requests on multiple listeners",
Manifests: []string{"testdata/ratelimit-multiple-listeners.yaml"},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
+ if IPFamily == "ipv6" {
+ t.Skip("Skipping test as IP_FAMILY is IPv6")
+ }
+
t.Run("block all ips on listener 80 and 8080", func(t *testing.T) {
ns := "gateway-conformance-infra"
routeNN := types.NamespacedName{Name: "cidr-ratelimit", Namespace: ns}
@@ -549,6 +557,10 @@ var RateLimitHeadersAndCIDRMatchTest = suite.ConformanceTest{
gwAddr := kubernetes.GatewayAndHTTPRoutesMustBeAccepted(t, suite.Client, suite.TimeoutConfig, suite.ControllerName, kubernetes.NewGatewayRef(gwNN), routeNN)
t.Run("all matched both headers and cidr can got limited", func(t *testing.T) {
+ if IPFamily == "ipv6" {
+ t.Skip("Skipping test as IP_FAMILY is IPv6")
+ }
+
requestHeaders := map[string]string{
"x-user-id": "one",
"x-user-org": "acme",
diff --git a/test/e2e/tests/tlsroute_with_backend.go b/test/e2e/tests/tlsroute_with_backend.go
index c43162ee94f..34ed2896116 100644
--- a/test/e2e/tests/tlsroute_with_backend.go
+++ b/test/e2e/tests/tlsroute_with_backend.go
@@ -35,14 +35,34 @@ var TLSRouteBackendFQDNTest = suite.ConformanceTest{
}
var TLSRouteBackendIPTest = suite.ConformanceTest{
- ShortName: "TLSRouteBackendIPTest",
+ ShortName: "TLSRouteBackendIP",
Description: "TLSRoutes with a backend ref to a Backend",
Manifests: []string{
"testdata/tlsroute-to-backend-ip.yaml",
},
Test: func(t *testing.T, suite *suite.ConformanceTestSuite) {
t.Run("TLSRoute with a IP type Backend", func(t *testing.T) {
- testTLSRouteWithBackend(t, suite, "tlsroute-to-backend-ip", "backend-ip")
+ svcNN := types.NamespacedName{
+ Name: "tls-backend-2-clusterip",
+ Namespace: "gateway-conformance-infra",
+ }
+ svc, err := GetService(suite.Client, svcNN)
+ if err != nil {
+ t.Fatalf("failed to get service %s: %v", svcNN, err)
+ }
+
+ backendIPName := "backend-tls-ip"
+ ns := "gateway-conformance-infra"
+ err = CreateBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}, svc.Spec.ClusterIP, 443)
+ if err != nil {
+ t.Fatalf("failed to create backend %s: %v", backendIPName, err)
+ }
+ t.Cleanup(func() {
+ if err := DeleteBackend(suite.Client, types.NamespacedName{Name: backendIPName, Namespace: ns}); err != nil {
+ t.Fatalf("failed to delete backend %s: %v", backendIPName, err)
+ }
+ })
+ testTLSRouteWithBackend(t, suite, "tlsroute-to-backend-ip", backendIPName)
})
},
}
diff --git a/test/e2e/tests/utils.go b/test/e2e/tests/utils.go
index 53aeb8b96a7..484e41922e1 100644
--- a/test/e2e/tests/utils.go
+++ b/test/e2e/tests/utils.go
@@ -14,6 +14,8 @@ import (
"net"
"net/http"
"net/url"
+ "os"
+ "strconv"
"strings"
"testing"
"time"
@@ -43,6 +45,8 @@ import (
tb "github.com/envoyproxy/gateway/internal/troubleshoot"
)
+var IPFamily = os.Getenv("IP_FAMILY")
+
const defaultServiceStartupTimeout = 5 * time.Minute
var PodReady = corev1.PodCondition{Type: corev1.PodReady, Status: corev1.ConditionTrue}
@@ -400,7 +404,7 @@ func RetrieveURL(c client.Client, nn types.NamespacedName, port int32, path stri
default:
host = fmt.Sprintf("%s.%s.svc", nn.Name, nn.Namespace)
}
- return fmt.Sprintf("http://%s:%d%s", host, port, path), nil
+ return fmt.Sprintf("http://%s%s", net.JoinHostPort(host, strconv.Itoa(int(port))), path), nil
}
var metricParser = &expfmt.TextParser{}
@@ -560,7 +564,7 @@ func QueryLogCountFromLoki(t *testing.T, c client.Client, keyValues map[string]s
params := url.Values{}
params.Add("query", q)
params.Add("start", fmt.Sprintf("%d", time.Now().Add(-10*time.Minute).Unix())) // query logs from last 10 minutes
- lokiQueryURL := fmt.Sprintf("http://%s:3100/loki/api/v1/query_range?%s", lokiHost, params.Encode())
+ lokiQueryURL := fmt.Sprintf("http://%s/loki/api/v1/query_range?%s", net.JoinHostPort(lokiHost, "3100"), params.Encode())
res, err := http.DefaultClient.Get(lokiQueryURL)
if err != nil {
return -1, err
@@ -692,3 +696,39 @@ func CollectAndDump(t *testing.T, rest *rest.Config) {
tlog.Logf(t, "\ndata: \n%s", data)
}
}
+
+func GetService(c client.Client, nn types.NamespacedName) (*corev1.Service, error) {
+ svc := &corev1.Service{}
+ if err := c.Get(context.Background(), nn, svc); err != nil {
+ return nil, err
+ }
+ return svc, nil
+}
+
+func CreateBackend(c client.Client, nn types.NamespacedName, clusterIP string, port int32) error {
+ backend := &egv1a1.Backend{
+ ObjectMeta: metav1.ObjectMeta{
+ Namespace: nn.Namespace,
+ Name: nn.Name,
+ },
+ Spec: egv1a1.BackendSpec{
+ Endpoints: []egv1a1.BackendEndpoint{
+ {
+ IP: &egv1a1.IPEndpoint{
+ Address: clusterIP,
+ Port: port,
+ },
+ },
+ },
+ },
+ }
+ return c.Create(context.TODO(), backend)
+}
+
+func DeleteBackend(c client.Client, nn types.NamespacedName) error {
+ backend := &egv1a1.Backend{}
+ if err := c.Get(context.Background(), nn, backend); err != nil {
+ return err
+ }
+ return c.Delete(context.Background(), backend)
+}
diff --git a/test/e2e/upgrade/eg_upgrade_test.go b/test/e2e/upgrade/eg_upgrade_test.go
index b93a3bab0df..9af99c81c90 100644
--- a/test/e2e/upgrade/eg_upgrade_test.go
+++ b/test/e2e/upgrade/eg_upgrade_test.go
@@ -10,9 +10,12 @@ package upgrade
import (
"flag"
"io/fs"
+ "os"
"testing"
"k8s.io/apimachinery/pkg/util/sets"
+ "sigs.k8s.io/controller-runtime/pkg/log"
+ "sigs.k8s.io/controller-runtime/pkg/log/zap"
"sigs.k8s.io/gateway-api/conformance/utils/flags"
"sigs.k8s.io/gateway-api/conformance/utils/suite"
"sigs.k8s.io/gateway-api/conformance/utils/tlog"
@@ -25,6 +28,7 @@ import (
func TestEGUpgrade(t *testing.T) {
flag.Parse()
+ log.SetLogger(zap.New(zap.WriteTo(os.Stderr), zap.UseDevMode(true)))
c, cfg := kubetest.NewClient(t)
@@ -36,6 +40,14 @@ func TestEGUpgrade(t *testing.T) {
*flags.GatewayClassName, *flags.CleanupBaseResources, *flags.ShowDebug)
}
+ var skipTests []string
+ // previous did not support ipv6, so skip upgrade tests for ipv6
+ if tests.IPFamily == "ipv6" {
+ skipTests = append(skipTests,
+ tests.EGUpgradeTest.ShortName,
+ )
+ }
+
cSuite, err := suite.NewConformanceTestSuite(suite.ConformanceOptions{
Client: c,
RestConfig: cfg,
@@ -46,7 +58,7 @@ func TestEGUpgrade(t *testing.T) {
RunTest: *flags.RunTest,
BaseManifests: "upgrade/manifests.yaml",
SupportedFeatures: sets.New[features.FeatureName](features.SupportGateway),
- SkipTests: []string{},
+ SkipTests: skipTests,
})
if err != nil {
t.Fatalf("Failed to create test suite: %v", err)
diff --git a/test/utils/prometheus/prometheus.go b/test/utils/prometheus/prometheus.go
index c59a8f12ebb..bc62da2cc07 100644
--- a/test/utils/prometheus/prometheus.go
+++ b/test/utils/prometheus/prometheus.go
@@ -8,6 +8,7 @@ package prometheus
import (
"context"
"fmt"
+ "net"
"time"
prom "github.com/prometheus/client_golang/api"
@@ -36,7 +37,7 @@ func NewClient(kubeClient client.Client, nn types.NamespacedName) (*Client, erro
var addr string
for _, ing := range svc.Status.LoadBalancer.Ingress {
if len(ing.IP) > 0 {
- addr = fmt.Sprintf("http://%s", ing.IP)
+ addr = fmt.Sprintf("http://%s", net.JoinHostPort(ing.IP, "80"))
}
}
diff --git a/tools/docker/envoy-gateway/Dockerfile b/tools/docker/envoy-gateway/Dockerfile
index 5fef537da10..44fff0beb98 100644
--- a/tools/docker/envoy-gateway/Dockerfile
+++ b/tools/docker/envoy-gateway/Dockerfile
@@ -4,7 +4,7 @@ RUN mkdir -p /var/lib/eg
# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot@sha256:3a03fc0826340c7deb82d4755ca391bef5adcedb8892e58412e1a6008199fa91
+FROM gcr.io/distroless/static:nonroot@sha256:d71f4b239be2d412017b798a0a401c44c3049a3ca454838473a4c32ed076bfea
ARG TARGETPLATFORM
COPY $TARGETPLATFORM/envoy-gateway /usr/local/bin/
COPY --from=source --chown=65532:65532 /var/lib /var/lib
diff --git a/tools/hack/create-cluster.sh b/tools/hack/create-cluster.sh
index ad3cff1cd92..d1601cb83b6 100755
--- a/tools/hack/create-cluster.sh
+++ b/tools/hack/create-cluster.sh
@@ -14,6 +14,9 @@ kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
networking:
ipFamily: ${IP_FAMILY}
+ # it's to prevent inherit search domains from the host which slows down DNS resolution
+ # and cause problems to IPv6 only clusters running on IPv4 host.
+ dnsSearch: []
nodes:
- role: control-plane
EOM
diff --git a/tools/make/docs.mk b/tools/make/docs.mk
index 761fb183d75..d6fcfe8832c 100644
--- a/tools/make/docs.mk
+++ b/tools/make/docs.mk
@@ -89,7 +89,7 @@ docs-api-gen: $(tools/crd-ref-docs)
--config=tools/crd-ref-docs/config.yaml \
--templates-dir=tools/crd-ref-docs/templates \
--output-path=site/content/en/latest/api/extension_types.md \
- --max-depth 10 \
+ --max-depth 100 \
--renderer=markdown
# below line copy command for sync English api doc into Chinese
cp site/content/en/latest/api/extension_types.md site/content/zh/latest/api/extension_types.md
diff --git a/tools/make/examples.mk b/tools/make/examples.mk
index 5caf9846e63..839d376aa19 100644
--- a/tools/make/examples.mk
+++ b/tools/make/examples.mk
@@ -1,5 +1,5 @@
-EXAMPLE_APPS := grpc-ext-auth envoy-als grpc-ext-proc http-ext-auth preserve-case-backend
+EXAMPLE_APPS := grpc-ext-auth envoy-als grpc-ext-proc http-ext-auth preserve-case-backend static-file-server
EXAMPLE_IMAGE_PREFIX ?= envoyproxy/gateway-
EXAMPLE_TAG ?= latest
@@ -17,4 +17,13 @@ kube-install-examples-image: kube-build-examples-image
@$(LOG_TARGET)
@for app in $(EXAMPLE_APPS); do \
tools/hack/kind-load-image.sh $(EXAMPLE_IMAGE_PREFIX)$$app $(EXAMPLE_TAG); \
- done
\ No newline at end of file
+ done
+
+.PHONY: go.mod.tidy.examples
+go.mod.tidy.examples:
+ @$(LOG_TARGET)
+ @for app in $(EXAMPLE_APPS); do \
+ pushd $(ROOT_DIR)/examples/$$app; \
+ go mod tidy -compat=$(GO_VERSION); \
+ popd; \
+ done
diff --git a/tools/make/golang.mk b/tools/make/golang.mk
index 4c0d38bf83e..4f4dce00faa 100644
--- a/tools/make/golang.mk
+++ b/tools/make/golang.mk
@@ -84,7 +84,7 @@ go.mod.tidy: ## Update and check dependences with go mod tidy.
.PHONY: go.mod.lint
lint: go.mod.lint
-go.mod.lint: go.mod.tidy ## Check if go.mod is clean
+go.mod.lint: go.mod.tidy go.mod.tidy.examples ## Check if go.mod is clean
@$(LOG_TARGET)
@if test -n "$$(git status -s -- go.mod go.sum)"; then \
git diff --exit-code go.mod; \
diff --git a/tools/make/kube.mk b/tools/make/kube.mk
index d53c1931360..122e089b79e 100644
--- a/tools/make/kube.mk
+++ b/tools/make/kube.mk
@@ -22,7 +22,8 @@ BENCHMARK_REPORT_DIR ?= benchmark_report
E2E_RUN_TEST ?=
E2E_CLEANUP ?= true
-E2E_TEST_ARGS ?= -v -tags e2e -timeout 20m
+E2E_TIMEOUT ?= 20m
+E2E_TEST_ARGS ?= -v -tags e2e -timeout $(E2E_TIMEOUT)
# Set Kubernetes Resources Directory Path
ifeq ($(origin KUBE_PROVIDER_DIR),undefined)
diff --git a/tools/src/buf/go.mod b/tools/src/buf/go.mod
index d8bea4a9f7c..1b7b86cdd53 100644
--- a/tools/src/buf/go.mod
+++ b/tools/src/buf/go.mod
@@ -1,11 +1,11 @@
module local
-go 1.23.1
+go 1.23.3
-require github.com/bufbuild/buf v1.46.0
+require github.com/bufbuild/buf v1.47.2
require (
- buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241023225133-42bdb4b67625.1 // indirect
+ buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241031151143-70f632351282.1 // indirect
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.1-20240920164238-5a7b106cbb87.1 // indirect
buf.build/gen/go/bufbuild/registry/connectrpc/go v1.17.0-20241025140216-aa40f2c93090.1 // indirect
buf.build/gen/go/bufbuild/registry/protocolbuffers/go v1.35.1-20241025140216-aa40f2c93090.1 // indirect
@@ -13,24 +13,26 @@ require (
buf.build/go/bufplugin v0.6.0 // indirect
buf.build/go/protoyaml v0.2.0 // indirect
buf.build/go/spdx v0.2.0 // indirect
+ cel.dev/expr v0.18.0 // indirect
connectrpc.com/connect v1.17.0 // indirect
connectrpc.com/otelconnect v0.7.1 // indirect
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
github.com/Microsoft/go-winio v0.6.2 // indirect
- github.com/Microsoft/hcsshim v0.12.7 // indirect
+ github.com/Microsoft/hcsshim v0.12.9 // indirect
github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
github.com/bufbuild/protocompile v0.14.1 // indirect
github.com/bufbuild/protoplugin v0.0.0-20240911180120-7bb73e41a54a // indirect
github.com/bufbuild/protovalidate-go v0.7.3-0.20241015162221-1446f1e1d576 // indirect
github.com/containerd/cgroups/v3 v3.0.3 // indirect
github.com/containerd/containerd v1.7.23 // indirect
- github.com/containerd/continuity v0.4.3 // indirect
- github.com/containerd/errdefs v0.3.0 // indirect
+ github.com/containerd/continuity v0.4.4 // indirect
+ github.com/containerd/errdefs v1.0.0 // indirect
+ github.com/containerd/errdefs/pkg v0.3.0 // indirect
github.com/containerd/log v0.1.0 // indirect
github.com/containerd/platforms v0.2.1 // indirect
github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
- github.com/containerd/ttrpc v1.2.5 // indirect
- github.com/containerd/typeurl/v2 v2.2.0 // indirect
+ github.com/containerd/ttrpc v1.2.6 // indirect
+ github.com/containerd/typeurl/v2 v2.2.3 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
github.com/distribution/reference v0.6.0 // indirect
github.com/docker/cli v27.3.1+incompatible // indirect
@@ -48,9 +50,9 @@ require (
github.com/gofrs/flock v0.12.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
- github.com/google/cel-go v0.21.0 // indirect
+ github.com/google/cel-go v0.22.0 // indirect
github.com/google/go-containerregistry v0.20.2 // indirect
- github.com/google/pprof v0.0.0-20241017200806-017d972448fc // indirect
+ github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
@@ -69,7 +71,7 @@ require (
github.com/moby/sys/userns v0.1.0 // indirect
github.com/moby/term v0.5.0 // indirect
github.com/morikuni/aec v1.0.0 // indirect
- github.com/onsi/ginkgo/v2 v2.20.2 // indirect
+ github.com/onsi/ginkgo/v2 v2.21.0 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0 // indirect
github.com/opencontainers/runtime-spec v1.2.0 // indirect
@@ -94,29 +96,28 @@ require (
go.lsp.dev/protocol v0.12.0 // indirect
go.lsp.dev/uri v0.3.0 // indirect
go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
- go.opentelemetry.io/otel v1.31.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
+ go.opentelemetry.io/otel v1.32.0 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
- go.opentelemetry.io/otel/metric v1.31.0 // indirect
+ go.opentelemetry.io/otel/metric v1.32.0 // indirect
go.opentelemetry.io/otel/sdk v1.30.0 // indirect
- go.opentelemetry.io/otel/trace v1.31.0 // indirect
- go.uber.org/atomic v1.11.0 // indirect
+ go.opentelemetry.io/otel/trace v1.32.0 // indirect
go.uber.org/mock v0.5.0 // indirect
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.27.0 // indirect
go.uber.org/zap/exp v0.3.0 // indirect
- golang.org/x/crypto v0.28.0 // indirect
- golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
- golang.org/x/mod v0.21.0 // indirect
- golang.org/x/net v0.30.0 // indirect
- golang.org/x/sync v0.8.0 // indirect
- golang.org/x/sys v0.26.0 // indirect
- golang.org/x/term v0.25.0 // indirect
- golang.org/x/text v0.19.0 // indirect
- golang.org/x/tools v0.26.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect
- google.golang.org/grpc v1.67.1 // indirect
+ golang.org/x/crypto v0.29.0 // indirect
+ golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+ golang.org/x/mod v0.22.0 // indirect
+ golang.org/x/net v0.31.0 // indirect
+ golang.org/x/sync v0.9.0 // indirect
+ golang.org/x/sys v0.27.0 // indirect
+ golang.org/x/term v0.26.0 // indirect
+ golang.org/x/text v0.20.0 // indirect
+ golang.org/x/tools v0.27.0 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+ google.golang.org/grpc v1.68.0 // indirect
google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
pluginrpc.com/pluginrpc v0.5.0 // indirect
diff --git a/tools/src/buf/go.sum b/tools/src/buf/go.sum
index b2a67028e40..9e7bf68b94e 100644
--- a/tools/src/buf/go.sum
+++ b/tools/src/buf/go.sum
@@ -1,5 +1,5 @@
-buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241023225133-42bdb4b67625.1 h1:O31Hu5Oho5suEWOD7FuMU9vfzeQT07ukTu4YuBVjLbw=
-buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241023225133-42bdb4b67625.1/go.mod h1:rYPnjsUZ2lGpoQ/T322HWZQil9/MIZF2njP+/u/0GKg=
+buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241031151143-70f632351282.1 h1:APVDdZ4VfUvERVIj//yDjCWV7WezEOiK7+b6gvJ+iAk=
+buf.build/gen/go/bufbuild/bufplugin/protocolbuffers/go v1.35.1-20241031151143-70f632351282.1/go.mod h1:rYPnjsUZ2lGpoQ/T322HWZQil9/MIZF2njP+/u/0GKg=
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.1-20240920164238-5a7b106cbb87.1 h1:9wP6ZZYWnF2Z0TxmII7m3XNykxnP4/w8oXeth6ekcRI=
buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.35.1-20240920164238-5a7b106cbb87.1/go.mod h1:Duw/9JoXkXIydyASnLYIiufkzySThoqavOsF+IihqvM=
buf.build/gen/go/bufbuild/registry/connectrpc/go v1.17.0-20241025140216-aa40f2c93090.1 h1:FHQXg3T7S2jp8yc7/bQJgqEH1yza/rrDHXITUK2Tm0g=
@@ -14,6 +14,8 @@ buf.build/go/protoyaml v0.2.0 h1:2g3OHjtLDqXBREIOjpZGHmQ+U/4mkN1YiQjxNB68Ip8=
buf.build/go/protoyaml v0.2.0/go.mod h1:L/9QvTDkTWcDTzAL6HMfN+mYC6CmZRm2KnsUA054iL0=
buf.build/go/spdx v0.2.0 h1:IItqM0/cMxvFJJumcBuP8NrsIzMs/UYjp/6WSpq8LTw=
buf.build/go/spdx v0.2.0/go.mod h1:bXdwQFem9Si3nsbNy8aJKGPoaPi5DKwdeEp5/ArZ6w8=
+cel.dev/expr v0.18.0 h1:CJ6drgk+Hf96lkLikr4rFf19WrU0BOWEihyZnI2TAzo=
+cel.dev/expr v0.18.0/go.mod h1:MrpN08Q+lEBs+bGYdLxxHkZoUSsCp0nSKTs0nTymJgw=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
connectrpc.com/connect v1.17.0 h1:W0ZqMhtVzn9Zhn2yATuUokDLO5N+gIuBWMOnsQrfmZk=
connectrpc.com/connect v1.17.0/go.mod h1:0292hj1rnx8oFrStN7cB4jjVBeqs+Yx5yDIC2prWDO8=
@@ -26,12 +28,12 @@ github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg6
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
-github.com/Microsoft/hcsshim v0.12.7 h1:MP6R1spmjxTE4EU4J3YsrTxn8CjvN9qwjTKJXldFaRg=
-github.com/Microsoft/hcsshim v0.12.7/go.mod h1:HPbAuJ9BvQYYZbB4yEQcyGIsTP5L4yHKeO9XO149AEM=
+github.com/Microsoft/hcsshim v0.12.9 h1:2zJy5KA+l0loz1HzEGqyNnjd3fyZA31ZBCGKacp6lLg=
+github.com/Microsoft/hcsshim v0.12.9/go.mod h1:fJ0gkFAna6ukt0bLdKB8djt4XIJhF/vEPuoIWYVvZ8Y=
github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
-github.com/bufbuild/buf v1.46.0 h1:QqlFiy2l0F+hhyTF9xm7j91E7ovGyZVnneG2y38F0rk=
-github.com/bufbuild/buf v1.46.0/go.mod h1:oN16LKwdlgji2eHLn3R07dxnQjxm9Q0pdUor5VXj3H8=
+github.com/bufbuild/buf v1.47.2 h1:fA5e2yVQGabxAz7W5aNbO7Fku1P6TpoHhjs1wER1pOc=
+github.com/bufbuild/buf v1.47.2/go.mod h1:1Xd0QG0a1uCGk7cODUenpQ8E5l7bj2Ry9tnUfERm1YI=
github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw=
github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c=
github.com/bufbuild/protoplugin v0.0.0-20240911180120-7bb73e41a54a h1:l3RhVoG0RtC61h6TVWnkniGj4TgBebuyPQRdleFAmTg=
@@ -56,20 +58,22 @@ github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGD
github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
github.com/containerd/containerd v1.7.23 h1:H2CClyUkmpKAGlhQp95g2WXHfLYc7whAuvZGBNYOOwQ=
github.com/containerd/containerd v1.7.23/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw=
-github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8=
-github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
-github.com/containerd/errdefs v0.3.0 h1:FSZgGOeK4yuT/+DnF07/Olde/q4KBoMsaamhXxIMDp4=
-github.com/containerd/errdefs v0.3.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/continuity v0.4.4 h1:/fNVfTJ7wIl/YPMHjf+5H32uFhl63JucB34PlCpMKII=
+github.com/containerd/continuity v0.4.4/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE=
+github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI=
+github.com/containerd/errdefs v1.0.0/go.mod h1:+YBYIdtsnF4Iw6nWZhJcqGSg/dwvV7tyJ/kCkyJ2k+M=
+github.com/containerd/errdefs/pkg v0.3.0 h1:9IKJ06FvyNlexW690DXuQNx2KA2cUJXx151Xdx3ZPPE=
+github.com/containerd/errdefs/pkg v0.3.0/go.mod h1:NJw6s9HwNuRhnjJhM7pylWwMyAkmCQvQ4GpJHEqRLVk=
github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
github.com/containerd/platforms v0.2.1 h1:zvwtM3rz2YHPQsF2CHYM8+KtB5dvhISiXh5ZpSBQv6A=
github.com/containerd/platforms v0.2.1/go.mod h1:XHCb+2/hzowdiut9rkudds9bE5yJ7npe7dG/wG+uFPw=
github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
-github.com/containerd/ttrpc v1.2.5 h1:IFckT1EFQoFBMG4c3sMdT8EP3/aKfumK1msY+Ze4oLU=
-github.com/containerd/ttrpc v1.2.5/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
-github.com/containerd/typeurl/v2 v2.2.0 h1:6NBDbQzr7I5LHgp34xAXYF5DOTQDn05X58lsPEmzLso=
-github.com/containerd/typeurl/v2 v2.2.0/go.mod h1:8XOOxnyatxSWuG8OfsZXVnAF4iZfedjS/8UHSPJnX4g=
+github.com/containerd/ttrpc v1.2.6 h1:zG+Kn5EZ6MUYCS1t2Hmt2J4tMVaLSFEJVOraDQwNPC4=
+github.com/containerd/ttrpc v1.2.6/go.mod h1:YCXHsb32f+Sq5/72xHubdiJRQY9inL4a4ZQrAbN1q9o=
+github.com/containerd/typeurl/v2 v2.2.3 h1:yNA/94zxWdvYACdYO8zofhrTVuQY73fFU1y++dYSw40=
+github.com/containerd/typeurl/v2 v2.2.3/go.mod h1:95ljDnPfD3bAbDJRugOiShd/DlAAsxGtUBhJxIn7SCk=
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
github.com/cpuguy83/go-md2man/v2 v2.0.5 h1:ZtcqGrnekaHpVLArFSe4HK5DoKx1T0rq2DwVB0alcyc=
github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -133,8 +137,10 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W
github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0=
github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8=
github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI=
-github.com/google/cel-go v0.21.0 h1:cl6uW/gxN+Hy50tNYvI691+sXxioCnstFzLp2WO4GCI=
-github.com/google/cel-go v0.21.0/go.mod h1:rHUlWCcBKgyEk+eV03RPdZUekPp6YcJwV0FxuUksYxc=
+github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek=
+github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps=
+github.com/google/cel-go v0.22.0 h1:b3FJZxpiv1vTMo2/5RDUqAHPxkT8mmMfJIrq1llbf7g=
+github.com/google/cel-go v0.22.0/go.mod h1:BuznPXXfQDpXKWQ9sPW3TzlAJN5zzFe+i9tIs0yC4s8=
github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
@@ -147,8 +153,8 @@ github.com/google/go-containerregistry v0.20.2 h1:B1wPJ1SN/S7pB+ZAimcciVD+r+yV/l
github.com/google/go-containerregistry v0.20.2/go.mod h1:z38EKdKh4h7IP2gSfUUqEvalZBqs6AoLeWfUy34nQC8=
github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
github.com/google/pprof v0.0.0-20240227163752-401108e1b7e7/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik=
-github.com/google/pprof v0.0.0-20241017200806-017d972448fc h1:NGyrhhFhwvRAZg02jnYVg3GBQy0qGBKmFQJwaPmpmxs=
-github.com/google/pprof v0.0.0-20241017200806-017d972448fc/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 h1:sAGdeJj0bnMgUNVeUpp6AYlVdCt3/GdI3pGRqsNSQLs=
+github.com/google/pprof v0.0.0-20241101162523-b92577c0c142/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -199,10 +205,10 @@ github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0=
github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y=
github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
-github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4=
-github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag=
-github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
-github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
+github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=
+github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc=
github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
@@ -270,26 +276,24 @@ go.lsp.dev/uri v0.3.0 h1:KcZJmh6nFIBeJzTugn5JTU6OOyG0lDOo3R9KwTxTYbo=
go.lsp.dev/uri v0.3.0/go.mod h1:P5sbO1IQR+qySTWOCnhnK7phBx+W3zbLqSMDJNTw88I=
go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s=
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM=
-go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY=
-go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94=
+go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U=
+go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4=
go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0 h1:IeMeyr1aBvBiPVYihXIaeIZba6b8E1bYp7lbdxK8CQg=
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.19.0/go.mod h1:oVdCUtjq9MK9BlS7TtucsQwUcXcymNiEDjgDD2jMtZU=
-go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE=
-go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY=
+go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M=
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8=
go.opentelemetry.io/otel/sdk v1.30.0 h1:cHdik6irO49R5IysVhdn8oaiR9m8XluDaJAs4DfOrYE=
go.opentelemetry.io/otel/sdk v1.30.0/go.mod h1:p14X4Ok8S+sygzblytT1nqG98QG2KYKv++HE0LY/mhg=
go.opentelemetry.io/otel/sdk/metric v1.19.0 h1:EJoTO5qysMsYCa+w4UghwFV/ptQgqSL/8Ni+hx+8i1k=
go.opentelemetry.io/otel/sdk/metric v1.19.0/go.mod h1:XjG0jQyFJrv2PbMvwND7LwCEhsJzCzV5210euduKcKY=
-go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys=
-go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A=
+go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM=
+go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8=
go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I=
go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM=
-go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
-go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0=
go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto=
go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE=
go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU=
@@ -303,18 +307,18 @@ go.uber.org/zap/exp v0.3.0/go.mod h1:5I384qq7XGxYyByIhHm6jg5CHkGY0nsTfbDLgDDlgJQ
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
-golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
+golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ=
+golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg=
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY=
-golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo=
+golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -324,16 +328,16 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
-golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
-golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -344,14 +348,14 @@ golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBc
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo=
-golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24=
-golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU=
+golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM=
-golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
+golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug=
+golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4=
golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -362,8 +366,8 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
-golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
+golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
+golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -373,17 +377,17 @@ google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7
google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
-google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA=
-google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0=
-google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g=
+google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E=
-google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA=
+google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0=
+google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
diff --git a/tools/src/crd-ref-docs/go.mod b/tools/src/crd-ref-docs/go.mod
index 017b54837b8..5d5bcd374a3 100644
--- a/tools/src/crd-ref-docs/go.mod
+++ b/tools/src/crd-ref-docs/go.mod
@@ -1,6 +1,6 @@
module local
-go 1.23.1
+go 1.23.3
require github.com/elastic/crd-ref-docs v0.1.0
diff --git a/tools/src/gci/go.mod b/tools/src/gci/go.mod
index 382ffae2274..bf8d0ac7a5c 100644
--- a/tools/src/gci/go.mod
+++ b/tools/src/gci/go.mod
@@ -1,6 +1,6 @@
module local
-go 1.23.1
+go 1.23.3
require github.com/daixiang0/gci v0.13.4
diff --git a/tools/src/golangci-lint/go.mod b/tools/src/golangci-lint/go.mod
index e73d754d4b9..d7d2cdce1f2 100644
--- a/tools/src/golangci-lint/go.mod
+++ b/tools/src/golangci-lint/go.mod
@@ -1,35 +1,35 @@
module local
-go 1.23.1
+go 1.23.3
-require github.com/golangci/golangci-lint v1.61.0
+require github.com/golangci/golangci-lint v1.62.0
require (
4d63.com/gocheckcompilerdirectives v1.2.1 // indirect
4d63.com/gochecknoglobals v0.2.1 // indirect
github.com/4meepo/tagalign v1.3.4 // indirect
- github.com/Abirdcfly/dupword v0.1.1 // indirect
- github.com/Antonboom/errname v0.1.13 // indirect
- github.com/Antonboom/nilnil v0.1.9 // indirect
- github.com/Antonboom/testifylint v1.4.3 // indirect
+ github.com/Abirdcfly/dupword v0.1.3 // indirect
+ github.com/Antonboom/errname v1.0.0 // indirect
+ github.com/Antonboom/nilnil v1.0.0 // indirect
+ github.com/Antonboom/testifylint v1.5.0 // indirect
github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c // indirect
github.com/Crocmagnon/fatcontext v0.5.2 // indirect
github.com/Djarvur/go-err113 v0.0.0-20210108212216-aea10b59be24 // indirect
github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0 // indirect
github.com/Masterminds/semver/v3 v3.3.0 // indirect
github.com/OpenPeeDeeP/depguard/v2 v2.2.0 // indirect
- github.com/alecthomas/go-check-sumtype v0.1.4 // indirect
- github.com/alexkohler/nakedret/v2 v2.0.4 // indirect
+ github.com/alecthomas/go-check-sumtype v0.2.0 // indirect
+ github.com/alexkohler/nakedret/v2 v2.0.5 // indirect
github.com/alexkohler/prealloc v1.0.0 // indirect
github.com/alingse/asasalint v0.0.11 // indirect
github.com/ashanbrown/forbidigo v1.6.0 // indirect
github.com/ashanbrown/makezero v1.1.1 // indirect
github.com/beorn7/perks v1.0.1 // indirect
- github.com/bkielbasa/cyclop v1.2.1 // indirect
+ github.com/bkielbasa/cyclop v1.2.3 // indirect
github.com/blizzy78/varnamelen v0.8.0 // indirect
github.com/bombsimon/wsl/v4 v4.4.1 // indirect
- github.com/breml/bidichk v0.2.7 // indirect
- github.com/breml/errchkjson v0.3.6 // indirect
+ github.com/breml/bidichk v0.3.2 // indirect
+ github.com/breml/errchkjson v0.4.0 // indirect
github.com/butuzov/ireturn v0.3.0 // indirect
github.com/butuzov/mirror v1.2.0 // indirect
github.com/catenacyber/perfsprint v0.7.1 // indirect
@@ -37,19 +37,19 @@ require (
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/charithe/durationcheck v0.0.10 // indirect
github.com/chavacava/garif v0.1.0 // indirect
- github.com/ckaznocha/intrange v0.2.0 // indirect
+ github.com/ckaznocha/intrange v0.2.1 // indirect
github.com/curioswitch/go-reassign v0.2.0 // indirect
github.com/daixiang0/gci v0.13.5 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/denis-tingaikin/go-header v0.5.0 // indirect
github.com/ettle/strcase v0.2.0 // indirect
- github.com/fatih/color v1.17.0 // indirect
+ github.com/fatih/color v1.18.0 // indirect
github.com/fatih/structtag v1.2.0 // indirect
github.com/firefart/nonamedreturns v1.0.5 // indirect
github.com/fsnotify/fsnotify v1.5.4 // indirect
github.com/fzipp/gocyclo v0.6.0 // indirect
- github.com/ghostiam/protogetter v0.3.6 // indirect
- github.com/go-critic/go-critic v0.11.4 // indirect
+ github.com/ghostiam/protogetter v0.3.8 // indirect
+ github.com/go-critic/go-critic v0.11.5 // indirect
github.com/go-toolsmith/astcast v1.1.0 // indirect
github.com/go-toolsmith/astcopy v1.1.0 // indirect
github.com/go-toolsmith/astequal v1.2.0 // indirect
@@ -57,12 +57,13 @@ require (
github.com/go-toolsmith/astp v1.1.0 // indirect
github.com/go-toolsmith/strparse v1.1.0 // indirect
github.com/go-toolsmith/typep v1.1.0 // indirect
- github.com/go-viper/mapstructure/v2 v2.1.0 // indirect
+ github.com/go-viper/mapstructure/v2 v2.2.1 // indirect
github.com/go-xmlfmt/xmlfmt v1.1.2 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gofrs/flock v0.12.1 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect
+ github.com/golangci/go-printf-func-name v0.1.0 // indirect
github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 // indirect
github.com/golangci/misspell v0.6.0 // indirect
github.com/golangci/modinfo v0.3.4 // indirect
@@ -81,20 +82,18 @@ require (
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jgautheron/goconst v1.7.1 // indirect
github.com/jingyugao/rowserrcheck v1.1.1 // indirect
- github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af // indirect
github.com/jjti/go-spancheck v0.6.2 // indirect
github.com/julz/importas v0.1.0 // indirect
github.com/karamaru-alpha/copyloopvar v1.1.0 // indirect
- github.com/kisielk/errcheck v1.7.0 // indirect
+ github.com/kisielk/errcheck v1.8.0 // indirect
github.com/kkHAIKE/contextcheck v1.1.5 // indirect
github.com/kulti/thelper v0.6.3 // indirect
github.com/kunwardeep/paralleltest v1.0.10 // indirect
github.com/kyoh86/exportloopref v0.1.11 // indirect
- github.com/lasiar/canonicalheader v1.1.1 // indirect
+ github.com/lasiar/canonicalheader v1.1.2 // indirect
github.com/ldez/gomoddirectives v0.2.4 // indirect
github.com/ldez/tagliatelle v0.5.0 // indirect
github.com/leonklingele/grouper v1.1.2 // indirect
- github.com/lufeee/execinquery v1.2.1 // indirect
github.com/macabu/inamedparam v0.1.3 // indirect
github.com/magiconair/properties v1.8.6 // indirect
github.com/maratori/testableexamples v1.0.0 // indirect
@@ -102,16 +101,16 @@ require (
github.com/matoous/godox v0.0.0-20230222163458-006bad1f9d26 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
- github.com/mattn/go-runewidth v0.0.9 // indirect
+ github.com/mattn/go-runewidth v0.0.16 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
- github.com/mgechev/revive v1.3.9 // indirect
+ github.com/mgechev/revive v1.5.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/moricho/tparallel v0.3.2 // indirect
github.com/nakabonne/nestif v0.3.1 // indirect
github.com/nishanths/exhaustive v0.12.0 // indirect
github.com/nishanths/predeclared v0.2.2 // indirect
- github.com/nunnatsa/ginkgolinter v0.16.2 // indirect
+ github.com/nunnatsa/ginkgolinter v0.18.0 // indirect
github.com/olekukonko/tablewriter v0.0.5 // indirect
github.com/pelletier/go-toml v1.9.5 // indirect
github.com/pelletier/go-toml/v2 v2.2.3 // indirect
@@ -126,18 +125,21 @@ require (
github.com/quasilyte/gogrep v0.5.0 // indirect
github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect
github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect
+ github.com/raeperd/recvcheck v0.1.2 // indirect
+ github.com/rivo/uniseg v0.4.7 // indirect
+ github.com/rogpeppe/go-internal v1.13.1 // indirect
github.com/ryancurrah/gomodguard v1.3.5 // indirect
github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect
github.com/sanposhiho/wastedassign/v2 v2.0.7 // indirect
github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect
github.com/sashamelentyev/interfacebloat v1.1.0 // indirect
github.com/sashamelentyev/usestdlibvars v1.27.0 // indirect
- github.com/securego/gosec/v2 v2.21.2 // indirect
+ github.com/securego/gosec/v2 v2.21.4 // indirect
github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/sivchari/containedctx v1.0.3 // indirect
- github.com/sivchari/tenv v1.10.0 // indirect
- github.com/sonatard/noctx v0.0.2 // indirect
+ github.com/sivchari/tenv v1.12.1 // indirect
+ github.com/sonatard/noctx v0.1.0 // indirect
github.com/sourcegraph/go-diff v0.7.0 // indirect
github.com/spf13/afero v1.11.0 // indirect
github.com/spf13/cast v1.5.0 // indirect
@@ -151,32 +153,33 @@ require (
github.com/stretchr/testify v1.9.0 // indirect
github.com/subosito/gotenv v1.4.1 // indirect
github.com/tdakkota/asciicheck v0.2.0 // indirect
- github.com/tetafro/godot v1.4.17 // indirect
+ github.com/tetafro/godot v1.4.18 // indirect
github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966 // indirect
- github.com/timonwong/loggercheck v0.9.4 // indirect
+ github.com/timonwong/loggercheck v0.10.1 // indirect
github.com/tomarrell/wrapcheck/v2 v2.9.0 // indirect
github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect
github.com/ultraware/funlen v0.1.0 // indirect
github.com/ultraware/whitespace v0.1.1 // indirect
github.com/uudashr/gocognit v1.1.3 // indirect
+ github.com/uudashr/iface v1.2.0 // indirect
github.com/xen0n/gosmopolitan v1.2.2 // indirect
github.com/yagipy/maintidx v1.0.0 // indirect
github.com/yeya24/promlinter v0.3.0 // indirect
github.com/ykadowak/zerologlint v0.1.5 // indirect
gitlab.com/bosi/decorder v0.4.2 // indirect
- go-simpler.org/musttag v0.12.2 // indirect
+ go-simpler.org/musttag v0.13.0 // indirect
go-simpler.org/sloglint v0.7.2 // indirect
go.uber.org/atomic v1.7.0 // indirect
- go.uber.org/automaxprocs v1.5.3 // indirect
+ go.uber.org/automaxprocs v1.6.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
go.uber.org/zap v1.24.0 // indirect
- golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect
- golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f // indirect
- golang.org/x/mod v0.21.0 // indirect
- golang.org/x/sync v0.8.0 // indirect
- golang.org/x/sys v0.25.0 // indirect
+ golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
+ golang.org/x/exp/typeparams v0.0.0-20240909161429-701f63a606c0 // indirect
+ golang.org/x/mod v0.22.0 // indirect
+ golang.org/x/sync v0.9.0 // indirect
+ golang.org/x/sys v0.27.0 // indirect
golang.org/x/text v0.18.0 // indirect
- golang.org/x/tools v0.24.0 // indirect
+ golang.org/x/tools v0.27.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/tools/src/golangci-lint/go.sum b/tools/src/golangci-lint/go.sum
index de6bd9d31a7..c8205a75d73 100644
--- a/tools/src/golangci-lint/go.sum
+++ b/tools/src/golangci-lint/go.sum
@@ -37,14 +37,14 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
github.com/4meepo/tagalign v1.3.4 h1:P51VcvBnf04YkHzjfclN6BbsopfJR5rxs1n+5zHt+w8=
github.com/4meepo/tagalign v1.3.4/go.mod h1:M+pnkHH2vG8+qhE5bVc/zeP7HS/j910Fwa9TUSyZVI0=
-github.com/Abirdcfly/dupword v0.1.1 h1:Bsxe0fIw6OwBtXMIncaTxCLHYO5BB+3mcsR5E8VXloY=
-github.com/Abirdcfly/dupword v0.1.1/go.mod h1:B49AcJdTYYkpd4HjgAcutNGG9HZ2JWwKunH9Y2BA6sM=
-github.com/Antonboom/errname v0.1.13 h1:JHICqsewj/fNckzrfVSe+T33svwQxmjC+1ntDsHOVvM=
-github.com/Antonboom/errname v0.1.13/go.mod h1:uWyefRYRN54lBg6HseYCFhs6Qjcy41Y3Jl/dVhA87Ns=
-github.com/Antonboom/nilnil v0.1.9 h1:eKFMejSxPSA9eLSensFmjW2XTgTwJMjZ8hUHtV4s/SQ=
-github.com/Antonboom/nilnil v0.1.9/go.mod h1:iGe2rYwCq5/Me1khrysB4nwI7swQvjclR8/YRPl5ihQ=
-github.com/Antonboom/testifylint v1.4.3 h1:ohMt6AHuHgttaQ1xb6SSnxCeK4/rnK7KKzbvs7DmEck=
-github.com/Antonboom/testifylint v1.4.3/go.mod h1:+8Q9+AOLsz5ZiQiiYujJKs9mNz398+M6UgslP4qgJLA=
+github.com/Abirdcfly/dupword v0.1.3 h1:9Pa1NuAsZvpFPi9Pqkd93I7LIYRURj+A//dFd5tgBeE=
+github.com/Abirdcfly/dupword v0.1.3/go.mod h1:8VbB2t7e10KRNdwTVoxdBaxla6avbhGzb8sCTygUMhw=
+github.com/Antonboom/errname v1.0.0 h1:oJOOWR07vS1kRusl6YRSlat7HFnb3mSfMl6sDMRoTBA=
+github.com/Antonboom/errname v1.0.0/go.mod h1:gMOBFzK/vrTiXN9Oh+HFs+e6Ndl0eTFbtsRTSRdXyGI=
+github.com/Antonboom/nilnil v1.0.0 h1:n+v+B12dsE5tbAqRODXmEKfZv9j2KcTBrp+LkoM4HZk=
+github.com/Antonboom/nilnil v1.0.0/go.mod h1:fDJ1FSFoLN6yoG65ANb1WihItf6qt9PJVTn/s2IrcII=
+github.com/Antonboom/testifylint v1.5.0 h1:dlUIsDMtCrZWUnvkaCz3quJCoIjaGi41GzjPBGkkJ8A=
+github.com/Antonboom/testifylint v1.5.0/go.mod h1:wqaJbu0Blb5Wag2wv7Z5xt+CIV+eVLxtGZrlK13z3AE=
github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs=
github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho=
@@ -61,8 +61,8 @@ github.com/OpenPeeDeeP/depguard/v2 v2.2.0 h1:vDfG60vDtIuf0MEOhmLlLLSzqaRM8EMcgJP
github.com/OpenPeeDeeP/depguard/v2 v2.2.0/go.mod h1:CIzddKRvLBC4Au5aYP/i3nyaWQ+ClszLIuVocRiCYFQ=
github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk=
github.com/alecthomas/assert/v2 v2.2.2/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ=
-github.com/alecthomas/go-check-sumtype v0.1.4 h1:WCvlB3l5Vq5dZQTFmodqL2g68uHiSwwlWcT5a2FGK0c=
-github.com/alecthomas/go-check-sumtype v0.1.4/go.mod h1:WyYPfhfkdhyrdaligV6svFopZV8Lqdzn5pyVBaV6jhQ=
+github.com/alecthomas/go-check-sumtype v0.2.0 h1:Bo+e4DFf3rs7ME9w/0SU/g6nmzJaphduP8Cjiz0gbwY=
+github.com/alecthomas/go-check-sumtype v0.2.0/go.mod h1:WyYPfhfkdhyrdaligV6svFopZV8Lqdzn5pyVBaV6jhQ=
github.com/alecthomas/repr v0.2.0 h1:HAzS41CIzNW5syS8Mf9UwXhNH1J9aix/BvDRf1Ml2Yk=
github.com/alecthomas/repr v0.2.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4=
github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -70,8 +70,8 @@ github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuy
github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/alexkohler/nakedret/v2 v2.0.4 h1:yZuKmjqGi0pSmjGpOC016LtPJysIL0WEUiaXW5SUnNg=
-github.com/alexkohler/nakedret/v2 v2.0.4/go.mod h1:bF5i0zF2Wo2o4X4USt9ntUWve6JbFv02Ff4vlkmS/VU=
+github.com/alexkohler/nakedret/v2 v2.0.5 h1:fP5qLgtwbx9EJE8dGEERT02YwS8En4r9nnZ71RK+EVU=
+github.com/alexkohler/nakedret/v2 v2.0.5/go.mod h1:bF5i0zF2Wo2o4X4USt9ntUWve6JbFv02Ff4vlkmS/VU=
github.com/alexkohler/prealloc v1.0.0 h1:Hbq0/3fJPQhNkN0dR95AVrr6R7tou91y0uHG5pOcUuw=
github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE=
github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw=
@@ -86,16 +86,16 @@ github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24
github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bkielbasa/cyclop v1.2.1 h1:AeF71HZDob1P2/pRm1so9cd1alZnrpyc4q2uP2l0gJY=
-github.com/bkielbasa/cyclop v1.2.1/go.mod h1:K/dT/M0FPAiYjBgQGau7tz+3TMh4FWAEqlMhzFWCrgM=
+github.com/bkielbasa/cyclop v1.2.3 h1:faIVMIGDIANuGPWH031CZJTi2ymOQBULs9H21HSMa5w=
+github.com/bkielbasa/cyclop v1.2.3/go.mod h1:kHTwA9Q0uZqOADdupvcFJQtp/ksSnytRMe8ztxG8Fuo=
github.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M=
github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k=
github.com/bombsimon/wsl/v4 v4.4.1 h1:jfUaCkN+aUpobrMO24zwyAMwMAV5eSziCkOKEauOLdw=
github.com/bombsimon/wsl/v4 v4.4.1/go.mod h1:Xu/kDxGZTofQcDGCtQe9KCzhHphIe0fDuyWTxER9Feo=
-github.com/breml/bidichk v0.2.7 h1:dAkKQPLl/Qrk7hnP6P+E0xOodrq8Us7+U0o4UBOAlQY=
-github.com/breml/bidichk v0.2.7/go.mod h1:YodjipAGI9fGcYM7II6wFvGhdMYsC5pHDlGzqvEW3tQ=
-github.com/breml/errchkjson v0.3.6 h1:VLhVkqSBH96AvXEyclMR37rZslRrY2kcyq+31HCsVrA=
-github.com/breml/errchkjson v0.3.6/go.mod h1:jhSDoFheAF2RSDOlCfhHO9KqhZgAYLyvHe7bRCX8f/U=
+github.com/breml/bidichk v0.3.2 h1:xV4flJ9V5xWTqxL+/PMFF6dtJPvZLPsyixAoPe8BGJs=
+github.com/breml/bidichk v0.3.2/go.mod h1:VzFLBxuYtT23z5+iVkamXO386OB+/sVwZOpIj6zXGos=
+github.com/breml/errchkjson v0.4.0 h1:gftf6uWZMtIa/Is3XJgibewBm2ksAQSY/kABDNFTAdk=
+github.com/breml/errchkjson v0.4.0/go.mod h1:AuBOSTHyLSaaAFlWsRSuRBIroCh3eh7ZHh5YeelDIk8=
github.com/butuzov/ireturn v0.3.0 h1:hTjMqWw3y5JC3kpnC5vXmFJAWI/m31jaCYQqzkS6PL0=
github.com/butuzov/ireturn v0.3.0/go.mod h1:A09nIiwiqzN/IoVo9ogpa0Hzi9fex1kd9PSD6edP5ZA=
github.com/butuzov/mirror v1.2.0 h1:9YVK1qIjNspaqWutSv8gsge2e/Xpq1eqEkslEUHy5cs=
@@ -115,8 +115,8 @@ github.com/chavacava/garif v0.1.0/go.mod h1:XMyYCkEL58DF0oyW4qDjjnPWONs2HBqYKI+U
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/ckaznocha/intrange v0.2.0 h1:FykcZuJ8BD7oX93YbO1UY9oZtkRbp+1/kJcDjkefYLs=
-github.com/ckaznocha/intrange v0.2.0/go.mod h1:r5I7nUlAAG56xmkOpw4XVr16BXhwYTUdcuRFeevn1oE=
+github.com/ckaznocha/intrange v0.2.1 h1:M07spnNEQoALOJhwrImSrJLaxwuiQK+hA2DeajBlwYk=
+github.com/ckaznocha/intrange v0.2.1/go.mod h1:7NEhVyf8fzZO5Ds7CRaqPEm52Ut83hsTiL5zbER/HYk=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
@@ -135,8 +135,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/ettle/strcase v0.2.0 h1:fGNiVF21fHXpX1niBgk0aROov1LagYsOwV/xqKDKR/Q=
github.com/ettle/strcase v0.2.0/go.mod h1:DajmHElDSaX76ITe3/VHVyMin4LWSJN5Z909Wp+ED1A=
-github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4=
-github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI=
+github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM=
+github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU=
github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4=
github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94=
github.com/firefart/nonamedreturns v1.0.5 h1:tM+Me2ZaXs8tfdDw3X6DOX++wMCOqzYUho6tUTYIdRA=
@@ -147,10 +147,10 @@ github.com/fsnotify/fsnotify v1.5.4 h1:jRbGcIw6P2Meqdwuo0H1p6JVLbL5DHKAKlYndzMwV
github.com/fsnotify/fsnotify v1.5.4/go.mod h1:OVB6XrOHzAwXMpEM7uPOzcehqUV2UqJxmVXmkdnm1bU=
github.com/fzipp/gocyclo v0.6.0 h1:lsblElZG7d3ALtGMx9fmxeTKZaLLpU8mET09yN4BBLo=
github.com/fzipp/gocyclo v0.6.0/go.mod h1:rXPyn8fnlpa0R2csP/31uerbiVBugk5whMdlyaLkLoA=
-github.com/ghostiam/protogetter v0.3.6 h1:R7qEWaSgFCsy20yYHNIJsU9ZOb8TziSRRxuAOTVKeOk=
-github.com/ghostiam/protogetter v0.3.6/go.mod h1:7lpeDnEJ1ZjL/YtyoN99ljO4z0pd3H0d18/t2dPBxHw=
-github.com/go-critic/go-critic v0.11.4 h1:O7kGOCx0NDIni4czrkRIXTnit0mkyKOCePh3My6OyEU=
-github.com/go-critic/go-critic v0.11.4/go.mod h1:2QAdo4iuLik5S9YG0rT4wcZ8QxwHYkrr6/2MWAiv/vc=
+github.com/ghostiam/protogetter v0.3.8 h1:LYcXbYvybUyTIxN2Mj9h6rHrDZBDwZloPoKctWrFyJY=
+github.com/ghostiam/protogetter v0.3.8/go.mod h1:WZ0nw9pfzsgxuRsPOFQomgDVSWtDLJRfQJEhsGbmQMA=
+github.com/go-critic/go-critic v0.11.5 h1:TkDTOn5v7EEngMxu8KbuFqFR43USaaH8XRJLz1jhVYA=
+github.com/go-critic/go-critic v0.11.5/go.mod h1:wu6U7ny9PiaHaZHcvMDmdysMqvDem162Rh3zWTrqk8M=
github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
@@ -186,8 +186,8 @@ github.com/go-toolsmith/strparse v1.1.0 h1:GAioeZUK9TGxnLS+qfdqNbA4z0SSm5zVNtCQi
github.com/go-toolsmith/strparse v1.1.0/go.mod h1:7ksGy58fsaQkGQlY8WVoBFNyEPMGuJin1rfoPS4lBSQ=
github.com/go-toolsmith/typep v1.1.0 h1:fIRYDyF+JywLfqzyhdiHzRop/GQDxxNhLGQ6gFUNHus=
github.com/go-toolsmith/typep v1.1.0/go.mod h1:fVIw+7zjdsMxDA3ITWnH1yOiw1rnTQKCsF/sk2H/qig=
-github.com/go-viper/mapstructure/v2 v2.1.0 h1:gHnMa2Y/pIxElCH2GlZZ1lZSsn6XMtufpGyP1XxdC/w=
-github.com/go-viper/mapstructure/v2 v2.1.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.2.1 h1:ZAaOCxANMuZx5RCeg0mBdEZk7DZasvvZIxtHqx8aGss=
+github.com/go-viper/mapstructure/v2 v2.2.1/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
github.com/go-xmlfmt/xmlfmt v1.1.2 h1:Nea7b4icn8s57fTx1M5AI4qQT5HEM3rVUO8MuE6g80U=
github.com/go-xmlfmt/xmlfmt v1.1.2/go.mod h1:aUCEOzzezBEjDBbFBoSiya/gduyIiWYRP6CnSFIV8AM=
github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -226,10 +226,12 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9uMCefW1WDie15eSP/4MssdenaM=
github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk=
+github.com/golangci/go-printf-func-name v0.1.0 h1:dVokQP+NMTO7jwO4bwsRwLWeudOVUPPyAKJuzv8pEJU=
+github.com/golangci/go-printf-func-name v0.1.0/go.mod h1:wqhWFH5mUdJQhweRnldEywnR5021wTdZSNgwYceV14s=
github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 h1:/1322Qns6BtQxUZDTAT4SdcoxknUki7IAoK4SAXr8ME=
github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9/go.mod h1:Oesb/0uFAyWoaw1U1qS5zyjCg5NP9C9iwjnI4tIsXEE=
-github.com/golangci/golangci-lint v1.61.0 h1:VvbOLaRVWmyxCnUIMTbf1kDsaJbTzH20FAMXTAlQGu8=
-github.com/golangci/golangci-lint v1.61.0/go.mod h1:e4lztIrJJgLPhWvFPDkhiMwEFRrWlmFbrZea3FsJyN8=
+github.com/golangci/golangci-lint v1.62.0 h1:/G0g+bi1BhmGJqLdNQkKBWjcim8HjOPc4tsKuHDOhcI=
+github.com/golangci/golangci-lint v1.62.0/go.mod h1:jtoOhQcKTz8B6dGNFyfQV3WZkQk+YvBDewDtNpiAJts=
github.com/golangci/misspell v0.6.0 h1:JCle2HUTNWirNlDIAUO44hUsKhOFqGPoC4LZxlaSXDs=
github.com/golangci/misspell v0.6.0/go.mod h1:keMNyY6R9isGaSAu+4Q8NMBwMPkh15Gtc8UCVoDtAWo=
github.com/golangci/modinfo v0.3.4 h1:oU5huX3fbxqQXdfspamej74DFX0kyGLkw1ppvXoJ8GA=
@@ -301,8 +303,6 @@ github.com/jgautheron/goconst v1.7.1 h1:VpdAG7Ca7yvvJk5n8dMwQhfEZJh95kl/Hl9S1OI5
github.com/jgautheron/goconst v1.7.1/go.mod h1:aAosetZ5zaeC/2EfMeRswtxUFBpe2Hr7HzkgX4fanO4=
github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjzq7gFzUs=
github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c=
-github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af h1:KA9BjwUk7KlCh6S9EAGWBt1oExIUv9WyNCiRz5amv48=
-github.com/jirfag/go-printf-func-name v0.0.0-20200119135958-7558a9eaa5af/go.mod h1:HEWGJkRDzjJY2sqdDwxccsGicWEf9BQOZsq2tV+xzM0=
github.com/jjti/go-spancheck v0.6.2 h1:iYtoxqPMzHUPp7St+5yA8+cONdyXD3ug6KK15n7Pklk=
github.com/jjti/go-spancheck v0.6.2/go.mod h1:+X7lvIrR5ZdUTkxFYqzJ0abr8Sb5LOo80uOhWNqIrYA=
github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=
@@ -318,8 +318,8 @@ github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY=
github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0=
github.com/karamaru-alpha/copyloopvar v1.1.0 h1:x7gNyKcC2vRBO1H2Mks5u1VxQtYvFiym7fCjIP8RPos=
github.com/karamaru-alpha/copyloopvar v1.1.0/go.mod h1:u7CIfztblY0jZLOQZgH3oYsJzpC2A7S6u/lfgSXHy0k=
-github.com/kisielk/errcheck v1.7.0 h1:+SbscKmWJ5mOK/bO1zS60F5I9WwZDWOfRsC4RwfwRV0=
-github.com/kisielk/errcheck v1.7.0/go.mod h1:1kLL+jV4e+CFfueBmI1dSK2ADDyQnlrnrY/FqKluHJQ=
+github.com/kisielk/errcheck v1.8.0 h1:ZX/URYa7ilESY19ik/vBmCn6zdGQLxACwjAcWbHlYlg=
+github.com/kisielk/errcheck v1.8.0/go.mod h1:1kLL+jV4e+CFfueBmI1dSK2ADDyQnlrnrY/FqKluHJQ=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kkHAIKE/contextcheck v1.1.5 h1:CdnJh63tcDe53vG+RebdpdXJTc9atMgGqdx8LXxiilg=
github.com/kkHAIKE/contextcheck v1.1.5/go.mod h1:O930cpht4xb1YQpK+1+AgoM3mFsvxr7uyFptcnWTYUA=
@@ -339,16 +339,14 @@ github.com/kunwardeep/paralleltest v1.0.10 h1:wrodoaKYzS2mdNVnc4/w31YaXFtsc21PCT
github.com/kunwardeep/paralleltest v1.0.10/go.mod h1:2C7s65hONVqY7Q5Efj5aLzRCNLjw2h4eMc9EcypGjcY=
github.com/kyoh86/exportloopref v0.1.11 h1:1Z0bcmTypkL3Q4k+IDHMWTcnCliEZcaPiIe0/ymEyhQ=
github.com/kyoh86/exportloopref v0.1.11/go.mod h1:qkV4UF1zGl6EkF1ox8L5t9SwyeBAZ3qLMd6up458uqA=
-github.com/lasiar/canonicalheader v1.1.1 h1:wC+dY9ZfiqiPwAexUApFush/csSPXeIi4QqyxXmng8I=
-github.com/lasiar/canonicalheader v1.1.1/go.mod h1:cXkb3Dlk6XXy+8MVQnF23CYKWlyA7kfQhSw2CcZtZb0=
+github.com/lasiar/canonicalheader v1.1.2 h1:vZ5uqwvDbyJCnMhmFYimgMZnJMjwljN5VGY0VKbMXb4=
+github.com/lasiar/canonicalheader v1.1.2/go.mod h1:qJCeLFS0G/QlLQ506T+Fk/fWMa2VmBUiEI2cuMK4djI=
github.com/ldez/gomoddirectives v0.2.4 h1:j3YjBIjEBbqZ0NKtBNzr8rtMHTOrLPeiwTkfUJZ3alg=
github.com/ldez/gomoddirectives v0.2.4/go.mod h1:oWu9i62VcQDYp9EQ0ONTfqLNh+mDLWWDO+SO0qSQw5g=
github.com/ldez/tagliatelle v0.5.0 h1:epgfuYt9v0CG3fms0pEgIMNPuFf/LpPIfjk4kyqSioo=
github.com/ldez/tagliatelle v0.5.0/go.mod h1:rj1HmWiL1MiKQuOONhd09iySTEkUuE/8+5jtPYz9xa4=
github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY=
github.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA=
-github.com/lufeee/execinquery v1.2.1 h1:hf0Ems4SHcUGBxpGN7Jz78z1ppVkP/837ZlETPCEtOM=
-github.com/lufeee/execinquery v1.2.1/go.mod h1:EC7DrEKView09ocscGHC+apXMIaorh4xqSxS/dy8SbM=
github.com/macabu/inamedparam v0.1.3 h1:2tk/phHkMlEL/1GNe/Yf6kkR/hkcUdAEY3L0hjYV1Mk=
github.com/macabu/inamedparam v0.1.3/go.mod h1:93FLICAIk/quk7eaPPQvbzihUdn/QkGDwIZEoLtpH6I=
github.com/magiconair/properties v1.8.6 h1:5ibWZ6iY0NctNGWo87LalDlEZ6R41TqbbDamhfG/Qzo=
@@ -366,12 +364,13 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk
github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/mgechev/revive v1.3.9 h1:18Y3R4a2USSBF+QZKFQwVkBROUda7uoBlkEuBD+YD1A=
-github.com/mgechev/revive v1.3.9/go.mod h1:+uxEIr5UH0TjXWHTno3xh4u7eg6jDpXKzQccA9UGhHU=
+github.com/mgechev/revive v1.5.0 h1:oaSmjA7rP8+HyoRuCgC531VHwnLH1AlJdjj+1AnQceQ=
+github.com/mgechev/revive v1.5.0/go.mod h1:L6T3H8EoerRO86c7WuGpvohIUmiploGiyoYbtIWFmV8=
github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
@@ -391,8 +390,8 @@ github.com/nishanths/exhaustive v0.12.0 h1:vIY9sALmw6T/yxiASewa4TQcFsVYZQQRUQJhK
github.com/nishanths/exhaustive v0.12.0/go.mod h1:mEZ95wPIZW+x8kC4TgC+9YCUgiST7ecevsVDTgc2obs=
github.com/nishanths/predeclared v0.2.2 h1:V2EPdZPliZymNAn79T8RkNApBjMmVKh5XRpLm/w98Vk=
github.com/nishanths/predeclared v0.2.2/go.mod h1:RROzoN6TnGQupbC+lqggsOlcgysk3LMK/HI84Mp280c=
-github.com/nunnatsa/ginkgolinter v0.16.2 h1:8iLqHIZvN4fTLDC0Ke9tbSZVcyVHoBs0HIbnVSxfHJk=
-github.com/nunnatsa/ginkgolinter v0.16.2/go.mod h1:4tWRinDN1FeJgU+iJANW/kz7xKN5nYRAOfJDQUS9dOQ=
+github.com/nunnatsa/ginkgolinter v0.18.0 h1:ZXO1wKhPg3A6LpbN5dMuqwhfOjN5c3ous8YdKOuqk9k=
+github.com/nunnatsa/ginkgolinter v0.18.0/go.mod h1:vPrWafSULmjMGCMsfGA908if95VnHQNAahvSBOjTuWs=
github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec=
github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY=
github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4=
@@ -452,9 +451,14 @@ github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl
github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0=
github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs=
github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ=
+github.com/raeperd/recvcheck v0.1.2 h1:SjdquRsRXJc26eSonWIo8b7IMtKD3OAT2Lb5G3ZX1+4=
+github.com/raeperd/recvcheck v0.1.2/go.mod h1:n04eYkwIR0JbgD73wT8wL4JjPC3wm0nFtzBnWNocnYU=
+github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc=
+github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
+github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
-github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8=
-github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4=
+github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
+github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
github.com/ryancurrah/gomodguard v1.3.5 h1:cShyguSwUEeC0jS7ylOiG/idnd1TpJ1LfHGpV3oJmPU=
github.com/ryancurrah/gomodguard v1.3.5/go.mod h1:MXlEPQRxgfPQa62O8wzK3Ozbkv9Rkqr+wKjSxTdsNJE=
@@ -468,8 +472,8 @@ github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tM
github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ=
github.com/sashamelentyev/usestdlibvars v1.27.0 h1:t/3jZpSXtRPRf2xr0m63i32ZrusyurIGT9E5wAvXQnI=
github.com/sashamelentyev/usestdlibvars v1.27.0/go.mod h1:9nl0jgOfHKWNFS43Ojw0i7aRoS4j6EBye3YBhmAIRF8=
-github.com/securego/gosec/v2 v2.21.2 h1:deZp5zmYf3TWwU7A7cR2+SolbTpZ3HQiwFqnzQyEl3M=
-github.com/securego/gosec/v2 v2.21.2/go.mod h1:au33kg78rNseF5PwPnTWhuYBFf534bvJRvOrgZ/bFzU=
+github.com/securego/gosec/v2 v2.21.4 h1:Le8MSj0PDmOnHJgUATjD96PaXRvCpKC+DGJvwyy0Mlk=
+github.com/securego/gosec/v2 v2.21.4/go.mod h1:Jtb/MwRQfRxCXyCm1rfM1BEiiiTfUOdyzzAhlr6lUTA=
github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU=
github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs=
github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=
@@ -481,10 +485,10 @@ github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/sivchari/containedctx v1.0.3 h1:x+etemjbsh2fB5ewm5FeLNi5bUjK0V8n0RB+Wwfd0XE=
github.com/sivchari/containedctx v1.0.3/go.mod h1:c1RDvCbnJLtH4lLcYD/GqwiBSSf4F5Qk0xld2rBqzJ4=
-github.com/sivchari/tenv v1.10.0 h1:g/hzMA+dBCKqGXgW8AV/1xIWhAvDrx0zFKNR48NFMg0=
-github.com/sivchari/tenv v1.10.0/go.mod h1:tdY24masnVoZFxYrHv/nD6Tc8FbkEtAQEEziXpyMgqY=
-github.com/sonatard/noctx v0.0.2 h1:L7Dz4De2zDQhW8S0t+KUjY0MAQJd6SgVwhzNIc4ok00=
-github.com/sonatard/noctx v0.0.2/go.mod h1:kzFz+CzWSjQ2OzIm46uJZoXuBpa2+0y3T36U18dWqIo=
+github.com/sivchari/tenv v1.12.1 h1:+E0QzjktdnExv/wwsnnyk4oqZBUfuh89YMQT1cyuvSY=
+github.com/sivchari/tenv v1.12.1/go.mod h1:1LjSOUCc25snIr5n3DtGGrENhX3LuWefcplwVGC24mw=
+github.com/sonatard/noctx v0.1.0 h1:JjqOc2WN16ISWAjAk8M5ej0RfExEXtkEyExl2hLW+OM=
+github.com/sonatard/noctx v0.1.0/go.mod h1:0RvBxqY8D4j9cTTTWE8ylt2vqj2EPI8fHmrxHdsaZ2c=
github.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCpA8G0=
github.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs=
github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8=
@@ -527,12 +531,12 @@ github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA
github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0=
github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag=
github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY=
-github.com/tetafro/godot v1.4.17 h1:pGzu+Ye7ZUEFx7LHU0dAKmCOXWsPjl7qA6iMGndsjPs=
-github.com/tetafro/godot v1.4.17/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio=
+github.com/tetafro/godot v1.4.18 h1:ouX3XGiziKDypbpXqShBfnNLTSjR8r3/HVzrtJ+bHlI=
+github.com/tetafro/godot v1.4.18/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio=
github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966 h1:quvGphlmUVU+nhpFa4gg4yJyTRJ13reZMDHrKwYw53M=
github.com/timakin/bodyclose v0.0.0-20230421092635-574207250966/go.mod h1:27bSVNWSBOHm+qRp1T9qzaIpsWEP6TbUnei/43HK+PQ=
-github.com/timonwong/loggercheck v0.9.4 h1:HKKhqrjcVj8sxL7K77beXh0adEm6DLjV/QOGeMXEVi4=
-github.com/timonwong/loggercheck v0.9.4/go.mod h1:caz4zlPcgvpEkXgVnAJGowHAMW2NwHaNlpS8xDbVhTg=
+github.com/timonwong/loggercheck v0.10.1 h1:uVZYClxQFpw55eh+PIoqM7uAOHMrhVcDoWDery9R8Lg=
+github.com/timonwong/loggercheck v0.10.1/go.mod h1:HEAWU8djynujaAVX7QI65Myb8qgfcZ1uKbdpg3ZzKl8=
github.com/tomarrell/wrapcheck/v2 v2.9.0 h1:801U2YCAjLhdN8zhZ/7tdjB3EnAoRlJHt/s+9hijLQ4=
github.com/tomarrell/wrapcheck/v2 v2.9.0/go.mod h1:g9vNIyhb5/9TQgumxQyOEqDHsmGYcGsVMOx/xGkqdMo=
github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw=
@@ -543,6 +547,8 @@ github.com/ultraware/whitespace v0.1.1 h1:bTPOGejYFulW3PkcrqkeQwOd6NKOOXvmGD9bo/
github.com/ultraware/whitespace v0.1.1/go.mod h1:XcP1RLD81eV4BW8UhQlpaR+SDc2givTvyI8a586WjW8=
github.com/uudashr/gocognit v1.1.3 h1:l+a111VcDbKfynh+airAy/DJQKaXh2m9vkoysMPSZyM=
github.com/uudashr/gocognit v1.1.3/go.mod h1:aKH8/e8xbTRBwjbCkwZ8qt4l2EpKXl31KMHgSS+lZ2U=
+github.com/uudashr/iface v1.2.0 h1:ECJjh5q/1Zmnv/2yFpWV6H3oMg5+Mo+vL0aqw9Gjazo=
+github.com/uudashr/iface v1.2.0/go.mod h1:Ux/7d/rAF3owK4m53cTVXL4YoVHKNqnoOeQHn2xrlp0=
github.com/xen0n/gosmopolitan v1.2.2 h1:/p2KTnMzwRexIW8GlKawsTWOxn7UHA+jCMF/V8HHtvU=
github.com/xen0n/gosmopolitan v1.2.2/go.mod h1:7XX7Mj61uLYrj0qmeN0zi7XDon9JRAEhYQqAPLVNTeg=
github.com/yagipy/maintidx v1.0.0 h1:h5NvIsCz+nRDapQ0exNv4aJ0yXSI0420omVANTv3GJM=
@@ -562,8 +568,8 @@ gitlab.com/bosi/decorder v0.4.2 h1:qbQaV3zgwnBZ4zPMhGLW4KZe7A7NwxEhJx39R3shffo=
gitlab.com/bosi/decorder v0.4.2/go.mod h1:muuhHoaJkA9QLcYHq4Mj8FJUwDZ+EirSHRiaTcTf6T8=
go-simpler.org/assert v0.9.0 h1:PfpmcSvL7yAnWyChSjOz6Sp6m9j5lyK8Ok9pEL31YkQ=
go-simpler.org/assert v0.9.0/go.mod h1:74Eqh5eI6vCK6Y5l3PI8ZYFXG4Sa+tkr70OIPJAUr28=
-go-simpler.org/musttag v0.12.2 h1:J7lRc2ysXOq7eM8rwaTYnNrHd5JwjppzB6mScysB2Cs=
-go-simpler.org/musttag v0.12.2/go.mod h1:uN1DVIasMTQKk6XSik7yrJoEysGtR2GRqvWnI9S7TYM=
+go-simpler.org/musttag v0.13.0 h1:Q/YAW0AHvaoaIbsPj3bvEI5/QFP7w696IMUpnKXQfCE=
+go-simpler.org/musttag v0.13.0/go.mod h1:FTzIGeK6OkKlUDVpj0iQUXZLUO1Js9+mvykDQy9C5yM=
go-simpler.org/sloglint v0.7.2 h1:Wc9Em/Zeuu7JYpl+oKoYOsQSy2X560aVueCW/m6IijY=
go-simpler.org/sloglint v0.7.2/go.mod h1:US+9C80ppl7VsThQclkM7BkCHQAzuz8kHLsW3ppuluo=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -573,8 +579,8 @@ go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
-go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8=
-go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0=
+go.uber.org/automaxprocs v1.6.0 h1:O3y2/QNTOdbF+e/dpXNNW7Rx2hZ4sTIPyybbxyNqTUs=
+go.uber.org/automaxprocs v1.6.0/go.mod h1:ifeIMSnPZuznNm6jmdzmU3/bfk01Fe2fotchwEFJ8r8=
go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI=
go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
@@ -599,12 +605,12 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk=
-golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk=
+golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY=
golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
-golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f h1:phY1HzDcf18Aq9A8KkmRtY9WvOFIxN8wgfvy6Zm1DV8=
-golang.org/x/exp/typeparams v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
+golang.org/x/exp/typeparams v0.0.0-20240909161429-701f63a606c0 h1:bVwtbF629Xlyxk6xLQq2TDYmqP0uiWaet5LwRebuY0k=
+golang.org/x/exp/typeparams v0.0.0-20240909161429-701f63a606c0/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk=
golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -633,8 +639,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0=
-golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
+golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4=
+golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY=
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -673,8 +679,8 @@ golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY=
golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE=
-golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg=
+golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo=
+golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
@@ -694,8 +700,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ=
-golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ=
+golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -749,8 +755,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s=
+golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
@@ -789,7 +795,6 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20190910044552-dd2b5c81c578/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
-golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -832,8 +837,8 @@ golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k=
golang.org/x/tools v0.5.0/go.mod h1:N+Kgy78s5I24c24dU8OfWNEotWjutIs8SnJvn5IDq+k=
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
-golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
+golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o=
+golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/tools/src/helm-docs/go.mod b/tools/src/helm-docs/go.mod
index 2f61f2bf33a..05180f8b0f0 100644
--- a/tools/src/helm-docs/go.mod
+++ b/tools/src/helm-docs/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway/tools/src/helm-docs
-go 1.23.1
+go 1.23.3
require github.com/norwoodj/helm-docs v1.14.2
diff --git a/tools/src/jb/go.mod b/tools/src/jb/go.mod
index fb8807bab20..9915adc8bfd 100644
--- a/tools/src/jb/go.mod
+++ b/tools/src/jb/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway/tools/src/jb
-go 1.23.1
+go 1.23.3
require github.com/jsonnet-bundler/jsonnet-bundler v0.5.1
diff --git a/tools/src/jsonnet/go.mod b/tools/src/jsonnet/go.mod
index 2cf5cfd4c7b..aec5a71feeb 100644
--- a/tools/src/jsonnet/go.mod
+++ b/tools/src/jsonnet/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway/tools/src/jsonnet
-go 1.23.1
+go 1.23.3
require github.com/google/go-jsonnet v0.20.0
diff --git a/tools/src/kind/go.mod b/tools/src/kind/go.mod
index 969589cce84..398e0d90a29 100644
--- a/tools/src/kind/go.mod
+++ b/tools/src/kind/go.mod
@@ -1,8 +1,8 @@
module github.com/envoyproxy/gateway/tools/src/kind
-go 1.23.1
+go 1.23.3
-require sigs.k8s.io/kind v0.24.0
+require sigs.k8s.io/kind v0.25.0
require (
github.com/BurntSushi/toml v1.4.0 // indirect
diff --git a/tools/src/kind/go.sum b/tools/src/kind/go.sum
index e811249cb1e..43de9d29a84 100644
--- a/tools/src/kind/go.sum
+++ b/tools/src/kind/go.sum
@@ -36,7 +36,7 @@ gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b h1:QRR6H1YWRnHb4Y/HeNFCTJLF
gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-sigs.k8s.io/kind v0.24.0 h1:g4y4eu0qa+SCeKESLpESgMmVFBebL0BDa6f777OIWrg=
-sigs.k8s.io/kind v0.24.0/go.mod h1:t7ueEpzPYJvHA8aeLtI52rtFftNgUYUaCwvxjk7phfw=
+sigs.k8s.io/kind v0.25.0 h1:ugUvgesHKKA0yKmD6QtYTiEev+kPUpGxdTPbMGf8VTU=
+sigs.k8s.io/kind v0.25.0/go.mod h1:t7ueEpzPYJvHA8aeLtI52rtFftNgUYUaCwvxjk7phfw=
sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
diff --git a/tools/src/protoc-gen-go-grpc/go.mod b/tools/src/protoc-gen-go-grpc/go.mod
index 11e0bc567bd..1b6f5e9f0c6 100644
--- a/tools/src/protoc-gen-go-grpc/go.mod
+++ b/tools/src/protoc-gen-go-grpc/go.mod
@@ -1,6 +1,6 @@
module github.com/envoyproxy/gateway/tools/src/protoc-gen-go-grpc
-go 1.23.1
+go 1.23.3
require google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
diff --git a/tools/src/protoc-gen-go/go.mod b/tools/src/protoc-gen-go/go.mod
index 588c433426f..86ccc619362 100644
--- a/tools/src/protoc-gen-go/go.mod
+++ b/tools/src/protoc-gen-go/go.mod
@@ -1,5 +1,5 @@
module github.com/envoyproxy/gateway/tools/src/protoc-gen-go
-go 1.23.1
+go 1.23.3
require google.golang.org/protobuf v1.33.0
diff --git a/tools/src/setup-envtest/go.mod b/tools/src/setup-envtest/go.mod
index 33e82a774e7..53ea509481f 100644
--- a/tools/src/setup-envtest/go.mod
+++ b/tools/src/setup-envtest/go.mod
@@ -1,6 +1,6 @@
module local
-go 1.23.1
+go 1.23.3
require sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240813183042-b901db121e1f